Security updates
We take security seriously at Vectice. This page outlines our approach to keeping your deployments secure.
OS updates
Frequent Kubernetes Updates: We leverage a Kubernetes managed service to ensure our Kubernetes environment receives monthly updates. These updates include critical security patches and improvements to the underlying platform.
Lightweight, Community-Maintained Docker Images: Our software uses minimal Docker images, reducing attack surface and potential vulnerabilities. The open-source community actively maintains these images, benefiting from continuous security improvements.
Packages update
Regular Package Updates: We release security patches and functionality updates for our core software components every two weeks.
SLA
Vectice follows CVSS 3.1 vulnerability assessment and commits to vulnerability resolution with the SLA below:
CVSS 3.1, or the Common Vulnerability Scoring System version 3.1, is a standardized framework used to rate the severity of security vulnerabilities in software. It provides a numerical score reflecting a vulnerability's potential impact and exploitability, helping organizations prioritize their remediation efforts effectively.
Vulnerability | Resolution target time | Mechanism |
Critical | << 14 days | Patch or regular release |
High | << 14 days | Patch or regular release |
Medium | << 1 month | Regular release |
Low | << 2 months | Regular release |
For more information:
Last updated