Q: How does AirWave assess the security of the AWMS server and the CentOS software it distributes?
A: AirWave uses several methods to assess the security of our own software, third-party dependencies, and the underlying OS that we distribute. These methods include:
- regular code reviews of our own source code
- use of automated security vulnerability scanning tools (like QualysGuard)
- automated and manual checks of the third-party and OS packages for security updates and bug fixes
We also employ security best practices like enabling only the networking services that are necessary for the application to function.
Q: What happens if a remotely-exploitable vulnerability is discovered in AWMS?
A: Customers are proactively notified according to Aruba's well-defined processes. Please refer to:
Q: Should I run yum or up2date or other software update managers to check for OS updates?
A: AirWave recommends that customers use any mechanism that will ensure timely security and bug fix updates, so the use of update managers like yum and up2date is recommended, but it is not required. The quarterly AWMS releases (available to all customers with a current support contract) include any critical software updates to the CentOS distribution that we ship to customers.