Build and Deployment -> Patch Management: Usage of a short maximum lifetime for images
Risk and Opportunity
Risk: Vulnerabilities in running containers stay for too long and might get exploited.
Opportunity: A good practice is to perform the build and deployment daily or even just-in-time, when a new component (e.g. package) for the image is available.
Additional Information
Implementation hints
- Sample concept:
(1, , Tags:
Usefulness and Requirements of this Activity
Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: High
Required resources (systems): Low
OWASP SAMM VERSION 2
ISO27001 2017