An Introduction to Product Security at eZ Systems
This is the first blog of many where we'll dig deeper into how we prevent and mitigate vulnerabilities in our product, we'll share learnings and give you tips on security best practices when building digital experiences.
In the 21st century, computer security affects everything because everything is controlled by computers. Anything that moves: ships, airplanes, trains, cars, and even those rental electric kick scooters zooming around our cities. Anything that works for us: industrial machinery, ATMs, voting machines, air conditioning systems, drinking water quality monitors, lawn mowers, TV sets, baby monitors. There are computers on, and even in our bodies: wearables, insulin dispensers, pacemakers. If you want, you can even buy a toothbrush with a computer in it. The list is endless.
All the above may have security vulnerabilities that can be taken advantage of by those people who wish to do us harm. To hurt us physically, or steal from us, spy on us, or slander us. At the other end of the spectrum there are well-meaning people who make honest mistakes, breaking things without intending to. Ultimately is it computers that can enable this harm or prevent it. To be clear: we don't work on computer security to protect computers, we do it to protect people. Computer security is people security.
Like most in the professional software industry, we at eZ Systems are well aware of the threats that insecure systems can present, and it is our responsibility to prevent and mitigate vulnerabilities in our products. To date, we have kept fairly quiet about what we do in this regard, but security by obscurity is poor security. However, openness is in our blood, and our partners and customers would benefit from knowing more. So, we are going to be more vocal in the future, starting today with this blog post.
Over the next few months I plan to be more concrete and technical, touching on subjects like eZ Platform configuration, development with eZ Platform and Symfony, security vulnerability case studies and what we can learn from them, and more. I'll also explore the topics of maintenance and software distribution, both of which have their own security challenges and must evolve like everything else.
In the meantime: stay safe! Remember that a good habit to keep is to always install the latest security updates when they become available.
If you would like to touch base on any security aspect of eZ Platform or if you would like to discuss your requirements for successful digital transformation in your organization don't hesitate to contact us