Supporting software

An important aspect of IBM Storage Ceph security is delivering solutions that have security built in from the start and that IBM supports over time.

Specific steps which IBM takes with IBM Storage Ceph include:

  • Maintaining upstream relationships and community involvement to help focus on security from the start.

  • Selecting and configuring packages based on their security and performance track records.

  • Building binaries from associated source code (instead of simply accepting upstream builds).

  • Applying a suite of inspection and quality assurance tools to prevent an extensive array of potential security issues and regressions.

  • Digitally signing all released packages and distributing them through cryptographically authenticated distribution channels.

  • Providing a single, unified mechanism for distributing patches and updates.

In addition, IBM maintains a dedicated security team that analyzes threats and vulnerabilities against our products and provides relevant advice and updates through the Customer Portal. This team determines which issues are important, as opposed to those that are mostly theoretical problems. The IBM Product Security team maintains expertise in, and makes extensive contributions to, the upstream communities associated with our subscription products. IBM Security Advisories, a key part of the process, deliver proactive notification of security flaws affecting IBM solutions, along with patches that are frequently distributed on the same day the vulnerability is first published.