Our commitment to developing secure solutions
Tony Paine is the CEO of HighByte, focused on the company’s vision and ability to execute to plan. For 20 years, Tony immersed himself in industrial software development and strategy at Kepware. As CEO, he led the company through a successful acquisition by PTC in 2016 prior to founding HighByte in 2018. Tony has contributed to a variety of technical working groups, helping to shape the direction of standards used within the automation industry over the past two decades. Tony received a Bachelor of Science in Electrical Engineering with a concentration in Computer Software and Hardware Design and a Master of Business Administration with a concentration in Data Analytics, both from the University of Maine.
We live in a time where attacks on critical infrastructure and the underlying software and hardware that comprise these systems are all too common and will only increase year over year. Rest assured that HighByte is committed to putting security first in the design and implementation of its software solutions.
Our industry recognizes that a defense-in-depth strategy must be employed when building out a technology stack from various components. This applies not only to an end-user’s use of applications and equipment from various vendors, but even more so to vendors who develop solutions that pull in third-party technology or tap into interfaces and standards that allow for seamless integration with foreign sources of data and information.
One recent example of vendors’ use of third-party technology was the end-of-2021 buzz around security vulnerabilities in Log4j, a widely used component for logging information to various mediums (e.g., text files, SQL databases, console windows, etc.). HighByte Intelligence Hub was not immune to this vulnerability due to its use of Log4j for logging informational and diagnostic event messages within the product.
We became aware of the issue shortly before we officially released HighByte Intelligence Hub version 2.2, allowing us to include an updated Log4j component that addressed the security vulnerability. Unfortunately, this was one of several Log4j security vulnerabilities and patches that the industry would encounter over the course of the week that followed, requiring a couple of re-releases of the version 2.2 product with further Log4j patches. Concerned that we would always be one Log4j patch behind, we re-evaluated our use of this component and decided to pull out direct use of Log4j in HighByte Intelligence Hub. This component was replaced with our own logging technology that provides the same capabilities, limits the scope to only the logging capabilities needed by our product, and is available for immediate download.
Though this is just one example, HighByte will continue to put security first in the design and implementation of the company’s solutions. Whether this is within our own intellectual property, or part of a third-party component we rely upon, we are committed to ensuring end-users of HighByte Intelligence Hub can rely on our layer of the technology stack to meet their defense-in-depth objectives.
To learn more about the latest release of HighByte Intelligence Hub and access additional resources, read this blog post by HighByte CTO Aron Semle. If you have questions about the release or product security best practices, please contact us.