NetX Duo critical issue procedure and time

HugPeter-9392 246 Reputation points
2022-09-15T09:50:09.39+00:00

Hello
I would like to know how you react on critical security issues. Primary within NetX Duo but also in all other ThreadX related components. How do you handle such situations? Is there a defined procedure?
We have customers that expect bug fixing software releases within 30 days after a bug gets found. How many days do you usually require for fixing a bug and to provide a resolution for common use? Is there an upper worst case number of days defined?
Thanks for support
Peter

Azure RTOS
Azure RTOS
An Azure embedded development suite including a small but powerful operating system for resource-constrained devices.
331 questions
{count} votes

Accepted answer
  1. Liya Du 446 Reputation points
    2022-10-04T17:00:06.527+00:00

    Hi @HugPeter-9392 , Azure RTOS will communicate the and deliver the critical security fixes in our product with following procedures:

    1. We will identify the issue and confirm it in the first place
    2. We will patch and release the fix by following our product support policy: http://aka.ms/azrtos/lts
    3. We will then create the GitHub security advisory (e.g. https://github.com/azure-rtos/usbx/security/advisories) and related CVE ID with it.

    And for turn-around time, if customer need the fix urgently, we can hand over the patch directly to them. Normally a critical bug fix will be release within a couple of days or weeks within 30 days after it's confirmed.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.