CVE Monitoring and Patch Development
Rietta monitors our clients' dependencies for published vulnerabilities daily via a combination of automated tooling, open source intelligence (a fancy way of saying we subscribe to a lot of security announce mailing lists), and seasoned security knowledge.
This service is a foundation for maintaining the security of an application. One of our government clients said that he loves it when he gets an e-mail from us saying that we have deployed a fix for a problem to production, and then the next day reads about the security risk in other media. He is able to communicate to his agency stakeholders that they have the problem under control and are prepared.
Automated and Expert Processes
- Inventory your software dependencies (a software bill of materials)
- Automated monitoring for newly published CVEs that impact your software
- Evaluate upcoming issues prior to formal CVE assignment, based on open source intelligence
- Triage and remediate
- Security expert examines all flagged CVEs and evaluates potential impact for your specific application
- If an update is available and merited, we immediately produce and test a software update to fix the security issue
- If the issue is lower risk, communicate that an update can be postponed
- If no security patch is available for the risk, communicate potential options
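The matching and triage steps above, written out as an added example (this is illustrative code, not Rietta's tooling): a dependency inventory is checked against an advisory feed using proper version-range comparison, and each hit is sorted into "patch now", "can be postponed" or "no patch available". All package names, versions and CVE ids below are constructed placeholders.

```python
"""Match a dependency inventory (SBOM) against vulnerability advisories and triage the hits.
Package names, versions and CVE ids are constructed placeholders, not real advisories."""
from dataclasses import dataclass
from typing import Optional

@dataclass
class Advisory:
    cve: str             # placeholder identifier, not a real CVE
    package: str
    introduced: str      # first affected version (inclusive)
    fixed: Optional[str] # first fixed version (exclusive); None if no patch exists yet
    severity: str        # severity bucket used for triage

def vparse(v: str) -> tuple:
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def is_affected(version: str, adv: Advisory) -> bool:
    """Affected if introduced <= version < fixed (or no fix has been published)."""
    v = vparse(version)
    if v < vparse(adv.introduced):
        return False
    return adv.fixed is None or v < vparse(adv.fixed)

def triage(sbom: dict, advisories: list) -> list:
    """Return (package, version, cve, action) for each advisory matching the inventory."""
    findings = []
    for adv in advisories:
        version = sbom.get(adv.package)
        if version is None or not is_affected(version, adv):
            continue
        if adv.fixed is None:
            action = "no patch available: evaluate mitigations"
        elif adv.severity in ("critical", "high"):
            action = f"patch now: upgrade to {adv.fixed}"
        else:
            action = f"lower risk: schedule upgrade to {adv.fixed}"
        findings.append((adv.package, version, adv.cve, action))
    return findings

# Constructed inventory and advisory feed (placeholder names and ids)
SBOM = {"webframework": "5.2.3", "imagelib": "2.0.10", "jsonparser": "1.9.0"}
ADVISORIES = [
    Advisory("CVE-0000-0001", "webframework", "5.0.0", "5.2.4", "high"),
    Advisory("CVE-0000-0002", "imagelib", "2.0.0", None, "critical"),
    Advisory("CVE-0000-0003", "jsonparser", "1.0.0", "1.8.0", "medium"),
    Advisory("CVE-0000-0004", "jsonparser", "1.9.0", "1.10.0", "low"),
]

if __name__ == "__main__":
    for finding in triage(SBOM, ADVISORIES):
        print(finding)
```

Note that a plain string comparison would rank "1.9.0" above "1.10.0" and miss the last advisory; the tuple comparison in `vparse` is what makes the range check correct.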
Related Services
- Code review and remediation of immediate high priority security issues
- Automated test case improvement
- Dockerization
- Improving build pipelines in GitHub or similar
- Ongoing monthly support and reporting
Next Steps
If you'd like to discuss your specific requirements, feel free to schedule a free consultation. We'll provide detailed information about our services and tailor a plan to meet your unique needs. You can reach us at our Atlanta office: +1 (770) 623-2059.