Hello,
I hope this message finds you well. I am writing to discuss an important security matter regarding your product, Jenkins. We greatly value the solution your company provides and as a dedicated user of your product, we believe it’s essential to address a security concern to ensure the continued safety of our systems and data.
Considering the increasing importance of web security, we have been reviewing the security measures in place for all our software applications, including third-party integrations like Jenkins. One fundamental aspect of web security that we would like to discuss is the implementation of Content Security Policy (CSP) headers.
Content Security Policy is a crucial security feature that helps protect web applications against various types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
By defining a CSP policy, your application can specify which sources of content are trusted, thereby mitigating the risk of malicious code execution.
We have noticed that your application currently does not include CSP headers in its HTTP responses. We kindly request that you consider implementing CSP headers to enhance the security of your product. Doing so will not only bolster the trust and confidence we have in your application but will also align with best practice in web security.
We appreciate your attention to this matter and look forward to discussing the implementation of CSP headers further. Please let us know your thoughts regarding this matter.
Thank you for your prompt attention to this important security request.
Best Regards,
DevOps-as-a-Service Team
T-SYSTEMS INTERNATIONAL GMBH
Service Desk DevOps-as-a-Service
Hahnstr. 43 d, D-60528 Frankfurt am Main
Service hotline: +49 69 9731799115
WEB-Portal: https://prd.sdc.t-systems.net/jira/servicedesk/
E-mail: dev...@t-systems.com
Internet: http://www.t-systems.com
Social Media: Twitter, Xing, LinkedIn
Let's power higher performance