Vulnerabilities policy

Every complex system, such as SentiOne Automate, is composed of multiple smaller subcomponents. These include databases, internal modules, and third-party libraries.

New security vulnerabilities may be discovered in any of these components, and each could pose a threat to the system.

While most vulnerabilities require a very specific set of conditions to be met before they can be exploited, this may not always be the case.

Since SentiOne takes security concerns very seriously, we take the following measures to protect our customers from the damage that such vulnerabilities may cause.

Third-Party libraries

Every day we scan every Java library for any new vulnerabilities that the IT-Sec community has discovered.

We use the best available open-source technologies for that purpose.

Vulnerability policy

Our internal policy is to take care of every vulnerability with a CVSS score of 7.0 (High) or above.

For vulnerabilities of this kind, we assess their impact on our system immediately after discovery. If the assessment proves that a vulnerability can be exploited on the platform, we plan the necessary actions in order to keep the system secure.

Actions

In most cases we try to upgrade to a newer version of the library that is unaffected by the security loophole.

On rare occasions, however, we might consider replacing the library with an unaffected alternative.

Other components

We actively monitor IT news for reports of discovered security loopholes.

If we identify that components we use, such as databases, might be affected, we inform our customers and implement an upgrade plan.