Software Maintenance and Security
Software maintenance and security work begins once a team has selected a software baseline and started building a real product on top of it. This section focuses on the operational work needed to understand what is in the deployed software, monitor and remediate risk, deliver fixes, and use platform security features appropriately.
These topics are related, but they are not interchangeable:
- SBOMs help identify which software components are included in a released build.
- Vulnerability management helps determine which issues affect that software and what action is required.
- Software updates and OTA define how fixes and improvements reach deployed devices.
- Device security features help establish trust, protect secrets, and reduce exposure in the deployed product.
Implementation details can vary by SoM, operating system, and software branch. Use these pages for planning and baseline guidance, then follow the release documentation for platform-specific steps.
- Understand which software components and dependencies are included in your build and how to generate a machine-readable inventory.
- Define how your team will monitor, assess, prioritize, and remediate vulnerabilities in deployed software.
- Choose how devices will receive bug fixes and security updates after deployment.
- Review platform security topics such as secure boot, TPM integration, key protection, and related device security features.