The security being a major concern for IT companies, a separate department for IT security administration is created in every company. Their major responsibility is to make sure that there are no vulnerabilities in terms of the networks, web, and OS infrastructure.
We should download Tomcat from the Tomcat website or any secure, known host. There is a chance that malicious software is shipped with Tomcat if we download it from an unknown source. Once the download is complete, verify the integrity of Tomcat using MD5/PGP. In case of Linux, the MD5 can be verified with Open Specification for Pretty Good Privacy (OpenPGP). This is a must in the process of production systems.