HPE Software Security Auditing & Hardening
Broadwing squashes thousands of high- and critical-severity CVEs in HPC software through automated CI/CD pipelines
Situation
Struggling with a large number of security vulnerabilities, insurmountable by manual effort, a globally recognized HPC manufacturer turned to Broadwing for help.
Action
Within three months, Broadwing created hundreds of new pipelines to rebuild containers and packages, pulling in upstream security patches on a nightly basis. The software product's CVE count went from nearly 5000 to under 50. The remaining CVEs were awaiting upstream patch development.
Result
The HPC manufacturer was able to show its customer base these results, meet contractual obligations, and restore confidence. These pipelines run to this day.
Related Solutions
- Security Benchmarks
- Vulnerability / Port Scans
- Penetration Testing
- Network Perimeterization
- Identity & Access Audit
- Certificates / Secrets
- Continuous Auditing
- SLSA Build Pipelines
- Artifact Signing
- Secure/Trusted Boot
- Config Drift Detection
- Security Monitoring (SIEM)
- Multi-Tenancy Solutions
- SELinux / AppArmor