Security Processes At GroundWork Monitor

GroundWork includes many third party open source components in its Systems and Network Monitoring solutions. Constant vigilance and well defined processes are required to guarantee a high quality and commercially secure product. GroundWork has incorporated the following steps into its software development process:

• GroundWork has developed a comprehensive, automated regression test suite. This test suite is updated and executed for all releases.
• The Nessus security scanner tool has been incorporated into our regression test suite and is used for releases.
• Third party security audit — GroundWork has hired IBM's Internet Security Systems team to perform security audits on our software. The security audit is performed on all major releases.
• GroundWork monitors the following sources for security alerts:
1. National and International security databases — CVE, National Vulnerability Database, US–CERT
2. Forums of our key third party open source components (Apache, PHP, MySQL, Nagios*, ntop, Cacti, Weathermap, BIRT, RRD Tool, SNMP TT, Syslog NG, etc.)
3. GroundWork community forum
4. GroundWork customers via our customer support organization
• GroundWork publishes known security issues in its products. These security alerts are published on the GroundWork community forum and on GroundWork Connect. In addition, for critical security vulnerabilities, GroundWork sends the security alerts directly to its customers via email. The security alerts include a description of the issue, whether or not GroundWork software is vulnerable, and what the customer can do to minimize the vulnerability.
• Depending on severity of the known security vulnerability, GroundWork will proactively respond with a fix via an emergency patch, service pack, and/or new release.
• GroundWork includes documentation with best practice software configuration for optimal security.

* Nagios is a registered trademark of Nagios Enterprises