
CVE Policy

At D2iQ, our commitment to providing secure software solutions is paramount. We understand the critical importance of promptly addressing and mitigating security vulnerabilities. To provide assurances to our customers about the safety and trust of our Software secure development program, we have created this document to outline our policies and procedures regarding CVEs (Common Vulnerabilities and Exposures) that are discovered in our Software.

CVE Management:

Our procedure for managing CVEs is explained in the sections below.

Scanning Policy:

  • Our primary objective is to provide software that is free from critical security vulnerabilities (CVEs) at the time of delivery.

  • We conduct regular scans of our software components, including:

    • Kubernetes

    • D2iQ Platform applications (Traefik, Istio, …)

    • D2iQ Catalog applications (only versions that are compatible with the default Kubernetes version supported with that DKP release, shown in our docs Workspace DKP Catalog Applications)

    • DKP Insights Add-on

  • Scans are performed every 24 hours using the latest CVE database to identify potential vulnerabilities promptly. When results are published, the CVE identifier, criticality, and release tied to a mitigation or remediation will be included with those results.

  • Security Advisories are published for discovered Critical CVEs.

Shipping Policy:

  • Our objective is to ship software releases that do not have Critical CVEs where a mitigation or remediation is not available.

  • For major and minor releases, our objective is to ship only when there are no known Critical CVEs or where there is no mitigation available.

  • A patch for a critical CVE may be provided in a minor release or a patch release dependent on the component.

  • We prioritize resolving these issues in the next minor release to maintain our commitment to security.

  • In the event that we discover a critical CVE for a Generally Available (GA) version of our Software, a mitigation or patch release will be targeted for release within 45 days from the date of publication or development, as applicable.

More Information

For more information on our secure development program and process, please refer to: https://portal.nutanix.com/page/documents/kbs/details?targetId=kA032000000TVkxCAG
