Security Management & Governance
Milestone’s commitment to security extends beyond the initial development phase. It covers every facet of the software lifecycle, ensuring that security is not a mere afterthought but a continuous, integrated process.
Milestone recognizes that security incidents can occur despite our best efforts. For this reason, we have a Vulnerability Management Policy under which Milestone commits to promptly addressing and mitigating security breaches, whether they are reported internally or externally.
Also, as a CVE Numbering Authority (CNA) under the MITRE domain, Milestone follows industry best practices in managing and responding to security vulnerabilities discovered in our products.
Decision tracking
To document and track the decisions made during the software development process, Milestone will keep a record of the decisions made and the reasons for those decisions, for the following software development areas:
- Design and architecture decisions
- Requirements and exceptions
- Technologies used
- Use of third-party components and/or integrations.
Patch and Update Management
During the product’s lifetime, Milestone will provide customers with on-demand software patches to address identified security vulnerabilities and critical bugs.
With each software patch, Milestone provides information on:
- What vulnerabilities or bugs are being addressed
- How important it is to apply the patch
- Clear and precise instructions on how to apply the software patch
Milestone will also, at regular intervals, release new versions of our products to enhance functionality and security and to improve user experience.
The patch and update management process empowers customers to independently safeguard their systems and data by installing security patches and updated versions as soon as they are available, allowing the customers to keep their installation current and secure.
Decommissioning of product functionality
As our software evolves, certain features, interfaces or APIs may outlive their usefulness, critical vulnerabilities may be identified that cannot be mitigated without extensive redesign, or the functionality, implementation, or technology used is simply deemed insecure by current standards.
When this happens, Milestone initiates a process to decommission the functionality to minimize potential security vulnerabilities and maintain the overall integrity of our software.
When functionality is being decommissioned, Milestone will announce it in the release prior to the release where the functionality will be decommissioned. This means that it is typically announced at least four months before the functionality is decommissioned, which will provide customers and partners time to plan for a transition and make necessary arrangements.
When functionality is decommissioned, Milestone will provide recommendations and guidelines on how to address the changes. This may involve upgrading to a newer version of the software, migrating to a different Milestone product, or exploring third-party options.
In case the decommissioned functionality stores user data, Milestone will provide guidelines or tools to assist users in safely migrating their data or exporting the data to a usable format.