IronXL - Security CVE

Please see information below regarding IronXL:

  1. All Iron Software products are DigiCert certified
  2. IronXL does not use Microsoft.Office.Interop
  3. IronXL does not use web services nor send data across the internet
  4. No COM or COM+ interfaces are exposed in the IronXL.dll
  5. The library is written entirely in C# which protects implicitly from many common attack vectors
  6. As few entry points as possible to the API are exposed
  7. Strong naming and sophisticated tamper protection
  8. Regularly scanned with multiple anti-virus/anti-malware scanners, using highest security and heuristic search for potential threats
  9. Every line of code goes though at least two levels of human review by senior engineers to check for security vulnerabilities
  10. IronXL makes no known access to un-managed code, unlike other Excel Libraries which use Office Interop
  11. IronXL makes use of following .NET dependencies - none of which are known to us as a security attack vector - particularly as every object is internalized to our library (static linking) with no public or external access