Here are some examples for security related question arround the HUB which are concern to us as MOBOTIX and our OEM Supplier
Describe how you manage security during the development lifecycle.
Every night automated test are done any code requested to be imported to the repository. Every morning the developers will receive reports upon detected errors and security issues. The Product Security Incident Response Team (PSIRT) of MOBOTIX´s OEM-Partner manages the receipt, investigation, internal coordination, and disclosure of security vulnerability information related to MOBOTIX Hub products. On top of our ongoing procedures aimed at security investigation, Mitigation, and disclosure, we encourage security researchers, customers, and partners to report any potential security vulnerability related to Mobotix Hub products.
Describe your vulnerability management process.
MOBOTIX follows strict disclosure policies and together with its OEM Partner is compliant with the IEC 29147 standard aiming to provide the best cybersecurity experience. In alignment with our Vulnerability Handling Process, MOBOTIX is committed to providing mitigations and/or software updates for any potential vulnerability found in our supported products, as soon as possible and free of charge.
Describe your patch management process.
MOBOTIX releases regular updates to MOBOTIX HUB products in the form of hotfixes and cumulative patch installers releases. Hotfixes are MOBOTIX’s timely response to customer-reported problems and a way to deliver occasional security-related updates that can affect any software product.
Describe your internal software audit process ( Pentest, …)
To ensure our product’s resilience against potential cyber threats, we make sure our software undergoes rigorous testing three times a year — a process conducted internally by our team of Product Security experts.
As an additional layer of security, the MOBOTIX OEM Partner has since 2019 been subjected to full penetration testing conducted annually. The results of each test are then examined and analyzed by our experts who make sure the findings are brought back into our product development process and addressed in our relevant guides.