...
Ensure the security and stability of IT systems.
Minimize the risk of vulnerabilities.
Maintain compliance with industry standards and regulations.
Provide a structured approach to patch management.
Process
Identification
Regularly check vendor websites, security bulletins, and automated tools for new patches, especially those from Azure
Use https://trivy.dev/ or a comparable tool to automatically scan each build artifact for known vulnerabilities, and regularly review the scan results
Regularly check Bug Bounty Program reports for newly reported vulnerabilities
Regularly check GitHub Advanced Security CodeQL scan reports for vulnerabilities reported in the code
Automation
Use Renovate or Dependabot to automatically create update patches for the libraries used in the source code
Automatically rebuild all images at least once a week so that the latest base image and OS vulnerability patches are applied on a continuous basis
Evaluation
Evaluate the severity of each vulnerability and its patch based on the CVSS 3.1 score, and apply patches according to the following timelines:
...
Ensure that patches are compatible with existing systems and applications
Reporting
For High or Critical severity vulnerabilities, Unique reports the vulnerability and its details to partners running Unique in their own environments, quarterly upon request
Deployment
Test patches in test environments or on non-critical systems first
Ensure backups are available before applying patches to production systems
Where disruption is anticipated, apply patches during low-usage periods to minimize it
Verification
Verify that patches have been applied successfully, that systems are functioning correctly, and that the vulnerabilities are no longer exploitable
...