HighByte Blog
|
Read company updates and our technology viewpoints here.
|
|
Time to read: 3 minutes  Posted by Tony Paine We live in a time where attacks on critical infrastructure and the underlying software and hardware that comprise these systems is all too common and will only increase year over year. Rest assured that HighByte is committed to putting security first in its design and implementation of its software solutions. Our industry recognizes that a defense-in-depth strategy must be employed when building out a technology stack from various components. This not only applies to an end-user’s use of applications and equipment from various vendors, but even more so by vendors who develop solutions that pull in third-party technology or tap into interfaces and standards that allow for seamless integration with foreign sources of data and information. One recent example of vendors’ use of third-party technology was the end-of-2021 buzz around security vulnerabilities in Log4j—a widely used component for logging information to various mediums (e.g., text files, SQL databases, console windows, etc.). HighByte Intelligence Hub was not immune to this vulnerability due to its use of Log4j for logging informational and diagnostics event messages within the product.
We became aware of the issue shortly before we officially released HighByte Intelligence Hub version 2.2, allowing us to include an updated Log4j component that addressed the security vulnerability. Unfortunately, this was one of several Log4j security vulnerabilities and patches that the industry would encounter over the course of the week that followed, requiring a couple re-releases of the version 2.2 product with further Log4j patches. Concerned that we would always be one Log4j patch behind, we re-evaluated our use of this component and decided to pull out direct use of Log4j in HighByte Intelligence Hub. This component was replaced with our own logging technology that provides the same capabilities, limits the scope to only the logging capabilities needed by our product, and is available for immediate download. Though this is just one example, HighByte will continue to put security first in the design and implementation of the company’s solutions. Whether this is within our own intellectual property, or part of a third-party component we rely upon, we are committed to ensuring end-users of HighByte Intelligence Hub can rely on our layer of the technology stack to meet their defense-in-depth objectives. To learn more about the latest release of HighByte Intelligence Hub and access additional resources, read this blog post by HighByte CTO Aron Semle. If you have questions about the release or product security best practices, please contact us. Comments are closed.
|
