Vulnerability Identification and Assessment

PCI requires that a venue establish a listing of security vulnerabilities and track them in a database, as well as implement programs to prevent vulnerabilities (PCI requirement 6.2).

Common Vulnerabilities and Exposures (CVE) vulnerabilities are reviewed at least monthly. As standard practice, Arts Management considers all CVEs to be a high priority for the software we incorporate. As such, fixes for these will be implemented using the auto deployment processes (regardless of whether they really affect Theatre Manager or not) under the principle of better safe than sorry. The release notes may mention any important fixes felt to be applicable.

We provide a list of vulnerabilities & patches specific to Theatre Manager and its components and update our installers regularly to address known issues.

Addressing PCI compliance and preventing most security issues is as simple as:

  • Keeping Theatre Manager up to date with the latest version (this occurs automatically via the auto deployment systems)
  • Updating all operating systems to current updates from the vendor
  • Having current anti-virus software in place

However, this is only one aspect of protecting your network. It is far more likely that vulnerabilities will arise from other programs. Here are some links that might be of interest to you to help maintain the health of your computers and networks.

  • This web site has a list of recent security issues from the government web site. It is useful for seeing if there is something pertinent to your software suite. This is worth searching on a periodic basis.
  • This web site has a summary of common security fixes and patches distilled from the government web site.
  • PC only: PCs are vulnerable in a number of ways. Secunia is a free tool (for personal use) that inspects your PC and tells you about any vulnerabilities you may have on your PC that you are unaware of, and will automatically update versions of other software. Note: Never forget to have anti-virus software on your machine.
  • Software Update (Mac only): macOS has a software update feature for the operating system. For workstations, we recommend automatically applying security patches.
  • OSVDB: This is an open source vulnerabilities database. We look at this periodically to see if there is anything that might affect tools that we supply to you. Apache and Postgres are both open source, so this is of interest to us. You may find other information, especially if you are using many open source tools.
  • QUALYS Labs: Use this to verify that a TLS certificate is set up correctly and that system scans are looking for new vulnerabilities.