
Security Patch Process

Jan 1 2022 at 12:00 AM

All security vulnerabilities reported will be evaluated by the IoT.nxt® security team. The vulnerabilities will be assigned a risk severity rating, based on likelihood and impact. The risk severity rating will be assigned by qualified IoT.nxt® personnel. The risk severity rating, assessment and technical details are then provided to the IoT.nxt® development team.

All vulnerabilities will be assigned a risk rating using the OWASP Risk Rating methodology.

Possible risk severity ratings are:

  • High
  • Medium
  • Low

Table 1 shows the strategies applied to resolve security vulnerabilities.

Table 1: Vulnerability patch policy.

| Risk severity rating | Approach |
|---|---|
| High | Update vulnerability by hotfix. |
| Medium | Update to be provided at next release cycle (occurs once every 3-4 weeks). |
| Low | Scheduled to be addressed in current or future sprint (depending on vulnerability and impact). |