Blog
Published: March 2022
Author: Dan Noble
In this blog post, Dan Noble explains what a software vulnerability is and how Synectics manages them.
A software vulnerability is a weakness or gap in the security checks within a software component that can allow an attacker to perform unauthorised actions. Software vulnerabilities in this context relate to how the software has been built, as opposed to how it has been configured and deployed. End users of the software are in control of how it is configured to protect against cyber-attack, but have no control over how it is built.
The Common Vulnerability Scoring System (CVSS) is an open standard for assessing the severity of software vulnerabilities. It considers factors such as the ease with which a vulnerability can be exploited and the impact of a successful exploit. The result is a numerical score from 0 to 10, with 10 being the most severe. CVSS defines vulnerabilities with a score of 9 to 10 as ‘critical’. CVSS is owned and managed by a non-profit organisation called FIRST.Org, Inc.
Critical vulnerabilities are rare. They are, however, very visible since they are often published in news and social media channels. Most vulnerabilities are not critical in risk or impact and are addressed as part of our ongoing software quality and release processes.
Synectics software products are built using a combination of proprietary and third-party components. When we build new software releases, we check the components against a regularly updated list of known vulnerabilities. We also monitor various digital channels used for reporting vulnerabilities.
We then analyse the severity and impact of the vulnerability when deployed within our software solutions. This is an important step: a critical vulnerability identified in a third-party component may not be critical in the context of a Synergy deployment.
We want our customers to have best-of-breed software solutions. Using third-party components allows us to leverage expertise across multiple areas (e.g. logging) and enables us to focus on our core strengths in security, surveillance and workforce management solutions. Using third-party components is common practice in software development.
We identify mitigation steps to reduce the exposure created by the vulnerability and work on a ‘hot fix’. Just as important is external communication, so that you are informed of how the vulnerability can be managed.
If the vulnerability is assessed as being critical for our customers, it may need to be addressed outside of our product release cycles. A ‘hot fix’ is a time-sensitive release of our software that contains no functional changes. Depending on the software platform, it will be automatically applied or made available as a downloadable installer. For example, our mobile solutions will have the hot fix automatically pushed out, whilst Synergy will require a system administrator or integrator to install an update.
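The first step of the process above, checking the components a release is built from against a list of known vulnerabilities and ranking what is found by severity, can be illustrated with a small matcher. This is an added example, not Synectics code or tooling, and every component name, version and advisory identifier in it is constructed for illustration (none refers to a real package or a real advisory). The later contextual assessment of each finding within a deployment remains the human step the post describes.

```python
"""Match a component manifest against a known-vulnerability list and rank findings.

Added example, not Synectics code. All names, versions and advisory ids are constructed.
"""
from dataclasses import dataclass
from typing import Optional


def parse_version(text: str) -> tuple:
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically.

    Comparing version strings lexically is a classic false-negative source:
    '2.9.0' < '2.15.0' is False as strings but True as versions.
    """
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str          # constructed placeholder, not a real CVE id
    component: str
    introduced: str           # first affected version (inclusive)
    fixed: Optional[str]      # first fixed version (exclusive); None if no fix yet
    cvss_score: float         # base score as published in the (constructed) advisory


def severity(score: float) -> str:
    """CVSS v3.1 qualitative rating bands."""
    if score == 0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def affected(advisory: Advisory, version: str) -> bool:
    """True if `version` falls inside the advisory's affected range."""
    v = parse_version(version)
    if v < parse_version(advisory.introduced):
        return False
    if advisory.fixed is None:
        return True
    return v < parse_version(advisory.fixed)


def find_vulnerable(manifest: dict, advisories: list) -> list:
    """Return (component, version, advisory_id, score, severity) tuples, most severe first."""
    findings = []
    for adv in advisories:
        version = manifest.get(adv.component)
        if version is not None and affected(adv, version):
            findings.append((adv.component, version, adv.advisory_id,
                             adv.cvss_score, severity(adv.cvss_score)))
    findings.sort(key=lambda f: f[3], reverse=True)
    return findings


# Constructed known-vulnerability list (ids, components and ranges are invented).
ADVISORIES = [
    Advisory("ADV-0001-EXAMPLE", "loglib", "2.0.0", "2.15.0", 9.8),
    Advisory("ADV-0002-EXAMPLE", "loglib", "2.0.0", "2.17.0", 5.9),
    Advisory("ADV-0003-EXAMPLE", "imgcodec", "1.0.0", None, 7.5),
    Advisory("ADV-0004-EXAMPLE", "httpclient", "4.0.0", "4.5.0", 6.5),
]

# Constructed manifest of third-party components in a hypothetical release.
MANIFEST = {"loglib": "2.16.0", "imgcodec": "1.3.2", "httpclient": "4.5.1"}


if __name__ == "__main__":
    for component, version, adv_id, score, band in find_vulnerable(MANIFEST, ADVISORIES):
        print(f"{band:8} {score:4}  {component} {version}  ({adv_id})")
```

Note that `loglib 2.16.0` matches only the second advisory: it is past the fix for the critical one, which is exactly the kind of distinction a numeric version comparison must get right before any severity analysis begins.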