The application must provide notifications or alerts when product update and security related patches are available.

Description

<VulnDiscussion>An application vulnerability management and update process must be in place to notify and provide users and administrators with a means of obtaining security patches and updates for the application. An important part of the maintenance phase of an application is managing vulnerabilities for updated versions of the application after the application is released. When a security flaw is discovered in an application deployed in a production environment, notification to the user community must take place as quickly as possible. This notification should be planned for in the design phase of the application. This notification should be a warning of any potential risks to the application or data. A notification mechanism will be established to notify users of the vulnerability and the potential risks, the availability of a solution, and/or potential mitigations reducing risks to the application.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>