Posts

Showing posts with the label framework

Don't update promptly

I was reading an article about cybersecurity strategy and how some principles could be brought to the table for a business to hold a stable cybersecurity posture, like having a global policy with all its procedures, guidelines and baselines, maintaining a disaster recovery plan for potential cybersecurity incidents, and adhering to renowned security frameworks and standards like NIST 800-53a and ISO 27001. However, one principle mentioned in that article doesn't sit well with best practices, as far as my experience has taught me. That principle is "apply update as soon as it is available... or... update promptly..." As a matter of fact, when we operate critical systems we are so cautious that when an update is available, we set a delay period to observe and inspect potential feedback, so that if a reported bug or misconfiguration originated from the applied update, we would have kept our systems safe until a secure update has been released. A well respected busi...

How to make safe choices when opting for open source in your business?

Whether you are looking for a document management system or a development framework for your next business application, you might be considering some options from open source solutions (well... most of the time). However, picking the choice that fits your requirements doesn't necessarily make it a safe choice. Imagine a company has been using a system (could be an ERP, CRM, DMS, ESB...) for a couple of years, and that system relies on a framework or third-party modules. One day the provider announces that in the near future its framework will stop receiving maintenance updates, or that the next version will be released under a different open source license that has more restrictions [Opensource licenses in a competitive environment]. What would the stakeholders' decision be?