Blog

Why I Hate Software Upgrades

Well, to be honest, I don’t hate them. However, upgrading software, any software, isn’t always a simple task. To start with, organizations often need to write up a statement of work (SOW) designed to explain the entire upgrade process, taking into account all the things that might (and probably will…let’s face it) go wrong. Plan for the worst and hope for the best is advice that clearly should be taken to heart, in light of even the most minor upgrade. And to make things even worse, many upgrades require a restart or reboot, and often induce some sort of outage and downtime. As a result, and in the context of an organization’s critical IT systems, upgrades often require after-hours work. Normally, it starts with diverting traffic to a redundant or secondary site, performing the upgrade on the primary site, testing the outcome, and then diverting traffic back to the primary site. Often, and to ensure all systems are running the same updated versions, the secondary site would have to be upgraded as well. Once the secondary site was upgraded, operators would then divert traffic from primary to secondary and back again, to guarantee everything would work if there was an unplanned outage outside of the upgrade window. And then, the “fun” starts. Every software upgrade (major or minor) brings all the improvements and also, lots of uncertainty. The hope is that all the previous system-integrations and features will only get enhanced, and not get broken. So… this is why I (often) hate software upgrades.   But guess what? Not all upgrades are created equal. Our mission at Checkmarx, is to help organizations deliver secure software at scale. We work closely with the developer community to develop software and methods that integrate seamlessly into their day-to-day activities. When Checkmarx provides an upgrade or update, you are guaranteed that something is going to be vastly improved that makes the jobs of developers and AppSec teams better.  So… what is this is all about?

Ruleset Content Packs

Out-of-the-box accuracy has always been a key evaluation criteria for organizations who purchase and deploy Static Application Security Testing (SAST) solutions. This is why we continue to invest significant resources in maintaining and improving the accuracy of our Checkmarx CxSAST test results and findings. In that spirit, we decided to create our new CxSAST Ruleset Content Packs (CPs). These CPs include query and preset updates that improve our CxSAST overall accuracy, reducing both false-positives and false-negatives, and improving the security of the software your organization develops. The CPs are lightweight and can be provided regardless of our quarterly version release schedule, so our time-to-market is much faster, and you, our customers, can improve your overall security posture more frequently. For example, Ruleset Pack 8.9.0.0012, compatible with V 8.9.0, includes improvement to over 20 Java queries. Moving forward, Checkmarx will continue to provide frequent CPs in more languages, starting with Java, C#, and JavaScript. And… I’ve saved the best for last. Deploying new CPs are easy and they do not require a full version upgrade. We encourage customers to consult with their Checkmarx technical liaison to better understand what changes to expect, once the CP is deployed. Additional technical details about the latest CP can be found here. Download the latest Ruleset Content Pack (CP) here.

About the Author

About the Author

Never miss an update. Subscribe today!

By submitting my information to Checkmarx, I hereby consent to the terms and conditions found in the Checkmarx Privacy Policy and to
the processing of my personal data as described therein. By clicking submit below, you consent to allow Checkmarx
to store and process the personal information submitted above to provide you the content requested.
Skip to content