Hello, I don’t really know where to put this question, so please point me to the right channel if this is the case. As a company based in Italy in offer software services to public administration entities we need to satisfy a list of requirements. Among those there is the need to satisfy some requirements about security, specifically we have to declare our software is subject to verification via OWASP security testing guidelines. Since we provide OJS as a service we need to declare OJS is tested using OWASP guidelines. Of course that could be not enough if we would use some theme or plugin since we will have to declare the same for those pieces of software, but knowing a bare TYPO3 web site is already tested would be a good starting point. So does anyone knows if OJS is tested using OWASP guidelines and tools?