192
HH1800 User Guide
Security Updates and Service Packs
One of the common weaknesses of system management as reported by, Open Web Application Security Project
(OWASP) is "not keeping software up to date". It is critical to keep the latest patches and software versions on
your Honeywell device. This is especially true for software that has reported Common Vulnerabilities and
Exposures (CVE). The MITRE Corporation and the National Institute of Standards and Technology (NIST) track CVEs
and mark their level of criticalness. For example, when a critical vulnerability was found in the popular OpenSSL®
cryptographic software in April of 2014, the TLS heartbeat read overrun (CVE-2014-0160) was tracked and marked
by both organizations. A CVE such as the CVE-2014-0160 must be addressed as soon as possible.
Honeywell provides system updates for both security and feature-related purpose. If the third-party software has been installed, Honeywell
recommends testing the update on a non-production system to ensure Honeywell software continues to operate correctly.
Caution: Before installing any critical updates or making any system changes, ALWAYS back up the system. This will provide a safe and
efficient recovery path if the update fails.
Additional Resources
Security Resources
The MITRE Corporation
National Institute of Standards and Technology (NIST)
Open Web Application Security Project (OWASP)
U.S. National Vulnerability Database (NVD)