What is behind Update-Available.com
How this website/service came about. And what else I have planned with this service. Before we get to that part, a short excursion into the history of its creation.
Each software has its own mechanism to inform users about upcoming updates. There is also software that simply updates itself automatically. In the private environment, these mechanisms do not pose a problem, but in business use the auto-update function is usually deactivated.
The reasons can be very different here. One reason is the need to keep the environments at the same version level. The prerequisite for this is central software distribution. All endpoints are connected and centrally managed.
Another reason is the need to validate software. Various guidelines play a role in this. This means that after the update, you should check the use of the software according to a predefined test plan to ensure that the expected results are achieved.
Software Deployment With this variant, everything is controlled and provided via a central server. The endpoints receive the necessary installation packages via an agent and install them according to your instructions.
Qualification/validation The software must be validated according to the company's guidelines. This is usually the case if the company has to comply with certain regulations, e.g. GMP.
VDI The desktops are provided by a golden image. After the user logs off, these are deleted. After each start, the automatic updates would then be carried out.
Many reasons, but one solution - documentation?
There are other reasons for disabling automatic updates. To keep track of which software is in which version, the tables are quickly created and alive.
This completes the first step of tracking. All software has been documented and recorded with version status. At the same time, a process has been designed to update them as updates occur. Already 80% achieved!
But to reach 100%, another process is needed. A process that regularly checks whether updates are available. A table with 5 software entries will help you to do this quickly. What if there are 20 or more software entries in the table?
Here it becomes a time-consuming task that a single person cannot manage. However, one solution is to extend the intervals between checks. The tests now take place monthly instead of weekly.
Like a phoenix rising from the ashes....
...the idea was born - simpler, clearer and more sustainable it should become!
The idea is not new, software that notifies you of upcoming updates. Colloquially, this is called managed software. Depending on the product, the product can have an artistic name or baramundi or here USU.
A big advantage of such a solution is that you don't have to worry about anything. Operators provide updates via a central service and customers can simply install them. That's theory, but how does it work in practice? What if you have software that is not on your managed software list? Then of course you ask your provider if the software can also be included on the watch list. The provider assesses this for himself, and possibly includes it.
And this is exactly where my solution comes in. Use several sources and expand them as you like. The advantage is that you don't have to wait until the customer threshold is reached. Send us your information and the software will be added to your watch list shortly. There are currently over 3000 software vendors and over 4000 software products on the watch list.
Notify where you need it.
A notification only makes sense if it is actually read. Otherwise it is simply SPAM.
We send important information about pending updates. You decide where and how you want to receive the notifications. Various notification channels are possible, and new ones can be added if you wish.
It is important to say here that it can be set per software. Not every company, department or team works in the same way. Everyone has different ways of working and you can reproduce these with this.
To be continued...
Most series end with a cliffhanger. This article also ends here, first.
I spend several hours every week developing this service. In the background, I improve the processes, the communication, the database. Everything is in the process of being created. Therefore, it can sometimes happen that there are no new topics to report for a short time.
I still have many ideas that I want to and will implement. But since I am implementing them conscientiously, the process is not the fastest. But last but not least, here are a few ideas that are already being implemented and some of which are already in the test phase.
Vulnerabilities. Notification of a newly found vulnerability in the software. If desired, the affected CVE with CVSS score can also be sent.
Changelog. With some providers I have the possibility to send the changelogs, the changes since the last update.
Rest-API. Access to your own favourites and the entire database with all information on the manufacturer, software, version, CVE, etc.