Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Ensure the security and stability of IT systems.

  • Minimize the risk of vulnerabilities.

  • Maintain compliance with industry standards and regulations.

  • Provide a structured approach to patch management.

Process

Identification

  • Regularly check vendor websites, security bulletins, and automated tools for new patches especially from Azure

  • Use https://trivy.dev/ or comparable tool to automatically scan each build artifact for known vulnerabilities and regularly check results of the scans

  • Regularly check Bug Bounty Program reports for reported vulnerabilities

  • Regularly check GH Advanced Security CodeQL scan reports for reported vulnerabilities in code

Automation

  • Use renovate or dependabot to automatically create patches for libraries used in source code

  • Automatically rebuild all images at least once a week to apply latest base image and OS vulnerability patches on a continuous basis

Evaluation

  • Evaluate criticality severity of each patch vulnerability based on CVSS 3.1 and apply according to timelines:

...

  • Ensure patches compatibility with existing systems and applications

Reporting

  • In case of High or Critical severity vulnerabilities Unique reports the vulnerability and its details to partners running Unique on their own environments quarterly upon request

Deployment

  • Test patches in test environments or on non-critical systems first

  • Ensure backups are available before applying patches to production systems

  • Apply patches during low-usage periods to minimize disruption if disruption is anticipated

Verification

  • Verify that patches have been successfully applied, that systems are functioning correctly and that vulnerabilities are not exploitable anymore

...