Company
Date Published
Author
Mike Geehan
Word count
1714
Language
English
Hacker News points
None

Summary

Cockroach Labs treats vulnerability management as a critical part of its software development process. The company prioritizes Quality and focuses on delivering the highest performing, most resilient transactional database platform on the market. Vulnerability management is an essential part of this effort, and it is a layered and complex space owned by multiple teams. Cockroach Labs scans its code base nightly to identify new vulnerabilities and addresses them according to its internal SLA for vulnerability management. The company takes a nuanced approach to triaging vulnerability reports, weighing the reported severity against the code base itself and reclassifying vulnerabilities as false positives or lower-severity issues where appropriate. This process is crucial to reducing the likelihood of breaches and minimizing disruption to the engineering development process.