So, in short, you tell us that Clarivate contractually commits to open security holes in their products?
Looking at what’s currently happening all around the world this is highly alarming, considering the great distributtion of this company’s products in the academic world. It looks as though it’s necessary to reconsider product decisions and not only for reference management sw…
are for, and I quote from the document you cite: “These guidelines provide technical requirements for federal agencies implementing digital identity service*“***.
This is for US Federal Agencies and interacting with Government systems. Can you cite the section that says a system like Endnote, with no classified information, no security implications needs a 180-day change of passwords?
And specifically as 5.1.1.2 Memorized Secret Verifiers says : “Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).“ as this states that you “SHOULD NOT” require a password to be changed arbitrarily. E.G Periodically.