Page History
...
- SOS is striving to use up-to-date versions of 3rd-party components.
- SOS cannot exclude a situation when 3rd-party components are hit by vulnerabilities.
- SOS is monitoring 3rd-party components for vulnerabilities at an ongoing basis.
- If vulnerabilities are detected the Release Policy - Vulnerability Management applies.
- This includes to make information about vulnerabilities public with our Change Management System, see https://change.sos-berlin.com
- This includes to add fixed versions of 3rd-party components to JS7 maintenance releases in a timely manner.
- The SBOM enables users to check directly from their JS7 scheduling environment if a vulnerable version of a 3rd-party component is included.
- JS7 SBOM files include any components developed by SOS and by 3rd-parties.
- In addition, dependencies for any components are included with an SBOM file. This allows to track down which components are affected by a given vulnerability.
- Users of JS7 can check independently from SOS if the version of JS7 in use is affected by a given vulnerability and which component or feature makes use of vulnerable libraries.
Accessing the Software Bill of Materials
...
Overview
Content Tools