■Collecting Vulnerability Information
We have implemented a system to detect CVE information for libraries we use and apply necessary patches accordingly.
We evaluate each case based on the CVE and its potential impact on our services. Critical vulnerabilities are addressed as promptly as possible, while others are handled sequentially.
Please note that we generally do not disclose our CVE information sources.
■Patch Application Process
When applying patches, we first test them in our test environment and confirm there are no issues before deploying to the production environment.
■Management of Work Records
For libraries used in application code, we manage patch application history on GitHub. For OS library updates, we record AWS machine image update operations as logs.