Rich Green

Sugar’s Commitment to Security

Blog Post created by Rich Green Employee on Mar 27, 2020

As we often mention in our announcements to the Sugar Community, “we take security very seriously.” It’s a simple phrase that may not do justice to the focus and attention we place on the matter. We treat security risks and vulnerabilities as the highest product priority, and have systems in place to review and analyze externally reported security risks. We do this while also running tools to analyze our code for potential but yet-uncovered security vulnerabilities. We continuously fold security improvements into each Sugar Cloud release and, on a regular basis, we provide an update to our on-premise customers as well.

 

There's a well-practiced protocol for such updates. Once we analyze, code, and test the required improvements, we inform our partners and internal teams of the availability of the release, allowing appropriate time to install the necessary updates and ensure our customers’ systems are in compliance with our latest technology. Following that period, we publicly disclose the availability of the release to customers and the general public, documenting the details of each identified issue. Our Software Development Life Cycle (SDLC) process defines that we initially develop, test, and deploy these improvements in the latest version of our software, and then integrate into all prior supported versions. Thus, Sugar Cloud customers already have these changes installed in their systems.

 

With that as background, we’re pleased to announce the availability of security updates for Sugar Version 8.0.6 and Version 9.0.3, for SugarCRM’s on-premise customers.

 

Particularly during these challenging times, I want you to know that everyone at SugarCRM is moving ahead at full speed, continuously improving the pace of innovation while placing heightened attention on the business needs of our customers.

 

Take care,


Rich Green
CTO and Chief Product Officer

Outcomes