The CA Spectrum 10 release represented one of the most substantial releases for this solution in recent years. Join us for this session to explore some of the new features, such as the new web client for operators, software-defined network (SDN) support, wireless LAN controller and access point management, bi-directional integration with CA Unified Infrastructure Management, support for ModSecurity, and simplified reporting. This will be a combination of slides, demos and hands-on practice.
For more information, please visit http://cainc.to/Nv2VOe
1. Pre Conference Education:
CA Spectrum Just Keeps Getting
Better and Better
Kiran Diwakar
DevOps: Agile Ops
CA Technologies
Director, Product Management
DO5X88E
@Kiran_Diwakar
#CAWorld
Jayakrishna Karicharla (JK)
CA Technologies
Principal Software Engineer
53. Step 1: Create an RTC Story for vulnerability
A) Support Engineer creates an RTC Story for vulnerability with the details provided by customer as per the
following template (please see slide 5 for Story fields) :
----------------------------------------------------------------------------------------------------------------
Name of Customer / Vulnerability Source:
Entity (Spectrum/Third Party) : Is it with Spectrum** or Third Party Component (e.g. Java, MySQL etc)
Type of Vulnerability: e.g. Cross Site Scripting, Link Injection, Third Party
CVE No(s) :
Severity : Critical, High, Medium, Low
Probable Risk: 1-2 liner (what if immediate solution is not available ? What are the consequences‘)
**Customer found vulnerabilities in CA Spectrum.
B) After creating an RTC Story, Support Engineer informs Spectrum Product Management Team
54. Step 2: Investigate Impact
A) PM Team will review RTC Story and may ask for more information from Support Engineer if needed else PM
team initiates investigation.
B) Spectrum Engineering team (aka Vulnerability Response Team (VRT) updates the story with approximate
timeframe of impact study.
C) After completing the impact study, VRT will respond as per following template : (please see slide 6 for Story
fields)
-----------------------------------------------------------------------------------------------------------------------------------------
Are we vulnerable? : Yes / No (VRT updates this)
Impact to Spectrum: 1-2 lines (VRT updates this)
** Fix : What is a proposed solution? (VRT updates this)
** Any workaround available: (VRT updates this)
** Applicable only for Critical / High Vulnerabilities'.
55. Step 3A : Yes, we are vulnerable. Estimates for fixing vulnerability
1) PM Team lines up the story for an upcoming Release.
2) PM Team defines an appropriate Acceptance criteria.
3) VRT updates an RTC Story with the estimates (Story Points).
4) PM Team informs Support Engineer about plans to fix.
5) Support engineer communicates the same to customer and moves the L1 support ticket to AWGA queue.
Size Estimation: (VRT updates this)
Step 3B : No, we are not vulnerable.
1) PM Team informs Support Engineer that we are not vulnerable.
2) Support Engineer communicates the same to customer and requests closure.
3) PM Team close the RTC story.