CVEs Archives - TuxCare

Business Value of ELS Patching for Python

Python has grown tremendously, and its impact has been remarkable. It has become one of the most popular programming languages among developers and researchers.

Python is an object-oriented, high-level, interpreted programming language. It was created by Guido van Rossum in 1991 and has been used for a wide range of projects since then.

The importance of Python for DevOps

A recent survey of 4,600 IT professionals found that those who adopted a DevOps culture could deploy code 200% more often than those who did not embrace such a culture. They also spend half as much time applying fixes through patches for bugs, recover twice as fast after failures, and have threefold fewer changes fail. Most importantly, they achieve these results without sacrificing quality.

What’s Python’s place in DevOps development tools? Python’s versatility and ease of use make it an ideal tool for DevOps workflows. Developers can write scripts and deploy them to production servers without worrying about infrastructure. Python is widely adopted across the industry, so it’s easy to find people who know how to use it.

Python is one of several programming languages commonly used by teams practicing DevOps. It has many advantages compared to other languages, making it an excellent choice for this role.

Buying Time to Migrate to the Following Code Release of Python

Several challenges become critical to organizations once they adopt Python as their central language for source code development and automation. Once a new release of Python is announced, an organization may take up to 3 years to migrate its current source code to the latest version. Because Python 3 does not provide legacy support for Python 2.7 code, this created a critical risk for software companies: the inability to keep supporting a previous version puts the software company in a difficult position.

The company will need to develop, test, QA, and stage new code more rapidly than usual. Code written under such time pressure will likely carry more bugs and performance issues, with only a limited operating window to catch them. This rapid code development also places existing clients at risk: they must either attempt an upgrade in place or possibly forklift the entire platform, and both options add to the risk for Python clients. Many clients may choose not to upgrade to the software’s new code while they consider other options. Clients that can no longer receive security updates, and instead live with the inherent risk of vulnerabilities and exploits, jeopardize their most critical assets. Python developers and clients need enhanced operational security, with the latest version available and extended support after the end-of-life date.

Value of TuxCare Extended Lifecycle Support (ELS)

You’ve built your applications on Python, you know that code front to back, and you’ve spent years chasing instability and squashing bugs. The hard work and long days put in by your team have resulted in something that runs well and builds value for your organization.

What are some of the core business justifications for investing in an ELS?

  • Your currently targeted Python version is going to end-of-life, and you need time to develop the next-generation application.
  • No need to refactor your Python 2.7 applications to Python 3.0.
  • We backport security fixes to Python 2.7, so you don’t have to rewrite your app.
  • Security compliance must be maintained, but an upgrade may break your code. Specific compliance regulations, including PCI-DSS, HIPAA, FedRAMP, and NIST SP 800-53, require all systems to be patched within 30 days of a known vulnerability being identified.
  • Extend the life of your hardware and software assets while conserving DevOps resources. Using ELS with automated delivery of patches and updates, including rollback capability, can streamline the update process for DevOps teams.

Protecting your Python 2.7 from vulnerabilities

Vulnerabilities will exist in any code, including the Python language itself. Many vulnerabilities never become exploits. Python, like other applications, is subject to zero-day attacks. These attacks are often executed by attackers betting on specific vulnerabilities in a system that has not been patched regularly. The attacker’s rule of thumb is that the mean time to patch (MTTP) a vulnerability on most Python and other systems is between 60 and 150 days.

SecOps teams usually send out a patch within 38 days. That open window is the most likely time for a system to be exploited, but no one knows which system will be hit or when the attack will occur.

  • ELS will reduce the threat vector of zero-day attacks against Python applications as an automated business process.

An unpatched vulnerability at the language level inherently places at risk every application written in that language. Even if the application’s own code has no issue, a language construct it uses may be vulnerable, and this is both difficult to diagnose and complex to protect against adequately.

Why TuxCare?

Trusted partner

We’ve supported various RHEL forks for over 12 years, including AlmaLinux, a forever-free enterprise-grade OS. We support the major Linux OS versions, including CentOS 6, CentOS 7, and CentOS 8, as well as Ubuntu 16.04 LTS and RHEL-based distributions.

  • Also available is ELS for PHP.
  • Through KernelCare Enterprise, we provide live patching for the Linux Kernel, critical shared system libraries like OpenSSL and Glibc, open source databases like MySQL, Postgres, and MariaDB, and the virtualization platform QEMU/KVM – all of which cause high business disruption when patched traditionally.

Being compliant is our nature

We have passed, and continuously maintain, various cybersecurity certifications, and our services have helped numerous enterprise companies, government agencies, and universities achieve and maintain their compliance status.

The TuxCare Story

  • TuxCare has delivered patches and bug fixes for various Linux distros for over ten years.
  • TuxCare is approaching 1 million in production workloads secured and supported by our services.
  • We have over 1500 customers from multiple industries around the world.
  • TuxCare’s KernelCare Enterprise has patched more than 2,000 vulnerabilities without reboots over the years.
  • We support more than 40 Linux distributions.

Frequently Asked Questions

What version of Python is supported by ELS for Python?

The service will provide security updates for Python 2.7.

Will existing Python code continue to run as-is?

Yes – the goal is to provide security fixes, not language-breaking changes. Your existing Python 2.7 code and applications will continue to run as before – only more securely.

Does this address security issues in my Python application?

It depends. If the security issue stems from a language-level security problem, your application will be protected from threats targeting that specific problem.

My application is written in Python and has no security issues – why do I need ELS for Python?

New vulnerabilities emerge every day, and of those, some will target older code. Even if your application does not directly have any security problems, exposure found at the language level may make your application insecure. That is why it is essential to have access to security patches even after a language is no longer officially supported.

Checking the Status of KernelCare Enterprise Patches

TuxCare’s KernelCare Enterprise provides live patches for various enterprise-grade Linux distributions. Preparing patches for each new CVE has to account for each of those distributions’ particular quirks and configurations, so the release timing for each may be slightly different. Let’s look at the whole process and how you can follow along with current development.

