5.1.1.4 Process to record and react to the availability of new security updates based on a risk-benefit assessment

Status: Ready for review
Compliance Rating: Fully compliant
Responsible:

Requirement: The repository shall have a process to record and react to the availability of new security updates based on a risk-benefit assessment.

APTrust adheres to procedures pertaining to software updates, which can be found here: Support and Maintenance#Software updates

Third-party libraries used in our code are continuously checked for updates using Code Climate and Go Report Card. The technical team is notified by email about outdated libraries and acts accordingly.