Implementation Guides: Operate Phase

Once a device is in the hands of customers, the focus shifts from building security in to maintaining security at scale. The "Operate Phase" covers the essential processes and infrastructure needed to monitor the device fleet, respond to emerging threats, and ensure continuous compliance throughout the product's supported lifecycle.

This section will help you answer questions like:

• How do I set up a compliant vulnerability disclosure program?
• What is a reasonable patch cadence for my product?
• How can I detect and respond to attacks on my devices?

Core Topics

• Vulnerability Disclosure: Establish a public-facing, compliant Coordinated Vulnerability Disclosure (CVD) policy to work effectively with security researchers and manage incoming reports.
• Patch Cadence & Management: Define a systematic process for creating, testing, and deploying security patches "without delay" to meet regulatory timelines and customer expectations.
• Security Logging & Monitoring: Implement robust logging on both the device and backend services to detect, investigate, and respond to security incidents in the field.
• CI/CD Hardening: Secure the software supply chain by hardening your build pipelines against attack and ensuring that no known exploitable vulnerabilities are present in your final release.

These operational guides ensure your devices remain secure throughout their deployed lifecycle.