I am trying to get my organisation to use Boost.

I have managed to get it included in source control and we have permission to use it in our unit testing.

The main objection to using it in our production code is that it could be a potential security risk. 

I suggested that we restrict the usage of Boost to the template/header-only libraries. I don't see how the templates in Boost can cause more of a security risk than what we have currently with the STL.

My question is: How are vulnerabilities in the library dealt with? How are new vulnerabilities communicated to the user community?

I would also like to know historically, how many and how often were vulnerabilities discovered?

Any good references would be great.

Thanks,