What are people currently using for tracking status of security updates of software which you depend upon in production? This is separate from "apply vendor security updates" as it pertains to the items which you build from source or with custom packaging, because it's a core part of the line of business, or for whatever other reason.
Just tickets in your regular ticketing system, perhaps in a special queue? Something else? What sort of automation? Eg, a vendor security notice (Ubuntu USN or whatever) comes in; does it tie into existing tickets with CVEs already tracked and handled, or is it a new issue? Is it partly for something already dealt with, but there's an extra CVE which was fixed and which needs a new rollout? How do you track when you'll need customer/client notification, vs just being able to hotfix? How do you track release qualification status? If you're using an existing ticketing system with some customisation, are there any templates which you can share? Thanks, -Phil _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
