Security of Open Source Software (OSS) is paramount in the minds of Enterprises using OSS projects in production environments. Many OSS projects ensure that the software is patched quickly to mitigate any identified critical vulnerabilities. The exact vulnerabilities and timeline to fix them may not align with the Enterprise using these projects. Typically, vendors providing commercial support are an option to ensure the production implementation is secure and compliant.
Spinnaker (www.spinnaker.io) is a multi-cloud continuous delivery platform that was originally open-sourced by Netflix but has since been maintained by a large community.
OpsMx, a leading provider of intelligent continuous delivery platforms, offers the most secure and hardened Spinnaker distribution for Enterprises interested in using OSS Spinnaker. In addition, the OpsMx Intelligent Software Delivery (ISD) platform packages Spinnaker inside and offers additional benefits beyond the capabilities of OSS Spinnaker.
Benefits of the OpsMx ISD Spinnaker Distribution for Enterprises include:
- No Forking or Lock-in: Built on upstream Open Source Spinnaker with additional patches for severe security vulnerabilities with no forking or lock-in. All patches are upstreamed to be available in future community OSS releases.
- Hardened UBI8-Based Images: The OpsMx ISD Spinnaker distribution is provided in industry-standard, most secure RedHat UBI8-based images.
- FIPS-140-2 Validated: OpsMx ISD Spinnaker images are validated for FIPS-140-2 (Federal Information Processing Standards) compliance.
- Predictable Patched Version Availability: OpsMx will ensure predictable availability of patched versions based on the below schedule for ISD Spinnaker.
| Rating | CVSS Score | OpsMx Patched Version Availability |
| Critical | 9.0-10.0 | <1 week |
| High | 7.0-8.9 | <30 days |
| Medium | 4.0-6.9 | As required <90 days |
| Low | 0.1-3.9 | As required |
| None | 0.0 | As required |
0 Comments