Well, to be honest, I don’t hate them. However, upgrading software, any software, isn’t always a simple task. To start with, organizations often need to write up a statement of work (SOW) designed to explain the entire upgrade process, taking into account all the things that might (and probably will…let’s face it) go wrong. Plan for the worst and hope for the best is advice that clearly should be taken to heart, in light of even the most minor upgrade. And to make things even worse, many upgrades require a restart or reboot, and often induce some sort of outage and downtime.
As a result, and in the context of an organization’s critical IT systems, upgrades often require after-hours work. Normally, it starts with diverting traffic to a redundant or secondary site, performing the upgrade on the primary site, testing the outcome, and then diverting traffic back to the primary site. Often, and to ensure all systems are running the same updated versions, the secondary site would have to be upgraded as well.
Once the secondary site was upgraded, operators would then divert traffic from primary to secondary and back again, to guarantee everything would work if there was an unplanned outage outside of the upgrade window. And then, the “fun” starts. Every software upgrade (major or minor) brings all the improvements and also, lots of uncertainty. The hope is that all the previous system-integrations and features will only get enhanced, and not get broken. So… this is why I (often) hate software upgrades.
But guess what? Not all upgrades are created equal. Our mission at Checkmarx, is to help organizations deliver secure software at scale. We work closely with the developer community to develop software and methods that integrate seamlessly into their day-to-day activities. When Checkmarx provides an upgrade or update, you are guaranteed that something is going to be vastly improved that makes the jobs of developers and AppSec teams better. So… what is this is all about?
Ruleset Content Packs
Out-of-the-box accuracy has always been a key evaluation criteria for organizations who purchase and deploy Static Application Security Testing (SAST) solutions. This is why we continue to invest significant resources in maintaining and improving the accuracy of our Checkmarx CxSAST test results and findings. In that spirit, we decided to create our new CxSAST Ruleset Content Packs (CPs). These CPs include query and preset updates that improve our CxSAST overall accuracy, reducing both false-positives and false-negatives, and improving the security of the software your organization develops.
And… I’ve saved the best for last. Deploying new CPs are easy and they do not require a full version upgrade. We encourage customers to consult with their Checkmarx technical liaison to better understand what changes to expect, once the CP is deployed. Additional technical details about the latest CP can be found here.
Download the latest Ruleset Content Pack (CP) here.
*** This is a Security Bloggers Network syndicated blog from Blog – Checkmarx authored by Liron Golan. Read the original post at: https://www.checkmarx.com/2019/11/26/why-i-hate-software-upgrades/