After World War 1 the French decided they never wanted to be as vulnerable as they were during that war ever again. So they invested in an absolutely massive series of defense projects that spanned 280 miles along the French & German border including bunkers, artillery, underground rail lines, weapons platforms, and more, called the Maginot Line.
The entire point of the Maginot Line was to make it so costly for Germany to attack that they wouldn’t do it again. Unfortunately, during WW2, Germany invaded through the neutral country of Belgium and almost entirely avoided the Maginot line.
The critical weakness of the Maginot Line was that it was built only along the French & German border. Had the French extended the Maginot Line along their entire border they might have avoided being occupied for most of World War 2.
Why am I telling you all of this? Because the Maginot Line is now a symbol of over-investing in one area and leaving a critical weakness in another.
A Battle-tested Plan for Magento 1
Magento 1 store owners have already invested in Magento and want to keep their investment fully functional until they decide it’s the right time for the ‘next thing’. To do that you have to keep your store protected against known attacks which is exactly what Nexcess Safe Harbor is designed to do.
Arguably the most important feature in Safe Harbor is providing patches for known vulnerabilities. And instead of this being a theoretical plan (like the Maginot Line) it’s now a battle-tested plan.
Earlier today we released a patch via Safe Harbor for CVE-2020-15151. If you’re a Safe Harbor customer you should have received a notification from us, alerting you about the patch, which you can apply manually yourself or reach out to our support team who will apply the patch for you. The promise of security, achieved.
Maintaining PCI Compliance
PCI compliance keeps your store secure so you can process credit card information safely. To maintain that safety and be PCI compliant you have to follow certain rules.
As per 6.2 of the PCI DSS Guidelines you must stay up to date with security patches: Protect all system components and software from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.
If you want to process credit cards safely & securely this holiday season, it’s your responsibility to keep your store up to date – think of it like someone noticing a critical flaw in your Maginot Line. Once they point it out, you can’t ignore it and pretend you’re perfectly safe.
What we’ve done with Safe Harbor is point out the flaw, write up new defensive plans to protect against critical weaknesses, and give you a button to deploy them instantly.
Investing in Magento
Keeping your Magento 1 store fully operational means protecting it against known vulnerabilities. If you have yet to invest in Safe Harbor, this vulnerability illustrates the importance of staying secure. We’ll notify you about these patches, and when needed, help you apply them.
We’re actively monitoring Magento releases and will back-port any known vulnerabilities for Magento 1 which keep your store safe. Please contact support with any questions or concerns.