...

  • SOS strives to use up-to-date versions of 3rd-party components.
  • SOS cannot rule out that 3rd-party components are affected by vulnerabilities.
    • SOS monitors 3rd-party components for vulnerabilities on an ongoing basis.
    • If vulnerabilities are detected, the Release Policy - Vulnerability Management applies.
      • This includes making information about vulnerabilities public via our Change Management System, see https://change.sos-berlin.com
      • This includes adding fixed versions of 3rd-party components to JS7 maintenance releases in a timely manner.
  • The SBOM enables users to check directly from their JS7 scheduling environment whether a vulnerable version of a 3rd-party component is included.
    • JS7 SBOM files list all components developed by SOS and by 3rd parties.
    • In addition, the dependencies of each component are included in the SBOM file. This makes it possible to track down which components are affected by a given vulnerability.
    • Users of JS7 can check independently of SOS whether the version of JS7 in use is affected by a given vulnerability and which component or feature makes use of the vulnerable libraries.
  • Users can remove vulnerable 3rd-party components from the installation of a JS7 product:
    • JS7 - Package Management allows software packages to be disabled/enabled.
    • This approach is applicable if only minor features of JS7 are affected and users are willing to forgo those features.
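The check described above (is a vulnerable library version present, and which components pull it in) can be scripted against the SBOM file. The following is an added example, not code from SOS or the JS7 product. It assumes the SBOM is CycloneDX JSON with "components" and "dependencies" sections (the page does not state the JS7 SBOM format); the SBOM content, the component names (lib-parser, lib-core, js7-feature-a/b) and the version threshold are constructed sample data for illustration only.

```python
"""Look up a library in an SBOM and trace which components depend on it.

Added example. Assumes a CycloneDX 1.x JSON SBOM (assumption: the JS7 SBOM
format is not stated on the page). All component names and versions below are
constructed sample data, not taken from a real JS7 SBOM.
"""
import json
import re
from collections import defaultdict

# Constructed sample SBOM: two product features, one of which uses lib-core,
# which in turn uses lib-parser. Hypothetical names, not real JS7 components.
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"bom-ref": "pkg:maven/example/js7-feature-a@1.0", "name": "js7-feature-a", "version": "1.0"},
        {"bom-ref": "pkg:maven/example/js7-feature-b@1.0", "name": "js7-feature-b", "version": "1.0"},
        {"bom-ref": "pkg:maven/example/lib-core@4.0.0", "name": "lib-core", "version": "4.0.0"},
        {"bom-ref": "pkg:maven/example/lib-parser@2.3.1", "name": "lib-parser", "version": "2.3.1"},
    ],
    "dependencies": [
        {"ref": "pkg:maven/example/js7-feature-a@1.0", "dependsOn": ["pkg:maven/example/lib-core@4.0.0"]},
        {"ref": "pkg:maven/example/lib-core@4.0.0", "dependsOn": ["pkg:maven/example/lib-parser@2.3.1"]},
        {"ref": "pkg:maven/example/js7-feature-b@1.0", "dependsOn": []},
    ],
})


def load_sbom(text):
    """Parse SBOM text and reject anything that is not a CycloneDX document."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX JSON SBOM")
    return bom


def _version_key(version):
    """Split '2.3.1-rc1' into a comparable tuple; numeric parts compare as ints.
    Simplification: pre-release tags sort after the release they precede, and
    full Maven/semver ordering rules are not implemented."""
    parts = re.split(r"[.\-+]", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def version_below(fixed_in):
    """Predicate: true for versions older than the advisory's 'fixed in' version."""
    fixed_key = _version_key(fixed_in)
    return lambda version: _version_key(version) < fixed_key


def find_components(bom, name, is_affected):
    """bom-refs of components named `name` whose version satisfies `is_affected`."""
    return [c["bom-ref"] for c in bom.get("components", [])
            if c.get("name") == name and "bom-ref" in c and is_affected(c.get("version", ""))]


def reverse_dependents(bom, ref):
    """Transitive set of bom-refs that depend on `ref` (dependency graph walked backwards)."""
    parents = defaultdict(set)
    for entry in bom.get("dependencies", []):
        for child in entry.get("dependsOn", []):
            parents[child].add(entry["ref"])
    seen, stack = set(), [ref]
    while stack:
        for parent in parents.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen


def affected_report(bom, name, is_affected):
    """Map each vulnerable component ref to the sorted names of components that
    use it, directly or transitively. Empty dict means: not affected."""
    names = {c["bom-ref"]: c["name"] for c in bom.get("components", []) if "bom-ref" in c}
    return {ref: sorted(names.get(p, p) for p in reverse_dependents(bom, ref))
            for ref in find_components(bom, name, is_affected)}


if __name__ == "__main__":
    bom = load_sbom(SAMPLE_SBOM_JSON)
    # Hypothetical advisory: lib-parser is vulnerable in all versions before 2.3.2.
    for ref, users in affected_report(bom, "lib-parser", version_below("2.3.2")).items():
        print(f"{ref} is present; used by: {', '.join(users) or '(nothing)'}")
```

For a real check, replace SAMPLE_SBOM_JSON with the contents of the SBOM file shipped with the installed JS7 release and take the library name and "fixed in" version from the advisory. The dependents list is what tells you whether the affected library sits behind a feature that JS7 - Package Management lets you disable, or behind a core component where only a maintenance release helps.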

Accessing the Software Bill of Materials

...