...

Available since Release 5.1.0 (Survivor)

Introduction

Like any other software, Onesait Platform has multiple dependencies on third-party software, from the libraries used during development to the operating systems used in containers at deployment time.

...

Starting with this release (2023, Q2), the Platform has incorporated vulnerability management within the product life cycle, which guarantees the Platform's commitment to this issue.

How does the process work?

In each (quarterly) release, we analyze the software (both proprietary and third-party) that makes up the Onesait Platform, detecting critical and serious vulnerabilities, and drawing up a correction plan during the release.

...

IMPORTANT

  • New vulnerabilities keep appearing, which may mean that the Platform has zero critical vulnerabilities at time M-2, but new ones have appeared by M. Therefore, this vulnerability management must be seen as a continuous improvement process, and the existence of vulnerabilities, both in the Platform and in the projects that use it, must be understood as normal.

  • In some cases, the Platform version used by a project cannot be updated, either because the version has been certified by the client, because the product is in production and the update must be planned, or for other reasons.

  • If a Platform client needs different vulnerability management (with more frequency or detail), they can request it, in which case they must assume the extra effort.

How has it been technically implemented?

In this release, the vulnerability detection process has been automated.

...