Product Inventory
Overview coming soon.
Larger Product Delivery Organisations often don’t know every Product that they’re delivering, let alone what each Product consists of. As a catching-up exercise, a Product Delivery Organisation might task an individual or team with discovering everything and cataloguing it, but these centralised efforts lack complete coverage and are never maintained over time as the Product landscape changes.
It’s impossible to continuously improve quality, manage risk, or effectively detect and respond to security incidents if the Product Delivery Organisation doesn’t know what Products it has. As a Product Team, you know what you have and what it consists of. The only scalable and effective way to know what Products and technologies are in use by a Product Delivery Organisation is for each Product Team to maintain their own Product Inventory, and for the collection of them all to be available to the Product Delivery Organisation.
This objective, and the other similar ‘include’ objectives, simply state what has to be in your Product Inventory for the Product Delivery Organisation. You may want to include more, but you cannot be missing any of these and still run a secure Product Delivery Organisation.
The continued use of Products that are no longer supported by a Product Team and of Third-Party Product Components that are no longer supported by their maintainer is a widespread risk for Product Delivery Organisations.
Knowing how your Products and Third-Party Product Components are supported, and when that support may end, is essential for a Product Delivery Organisation, and the Head Of Product Delivery Organisation is accountable for this.
When a critical vulnerability is made known in a Third-Party Product Component that a Product Team is using, there’s very little time to respond to the situation and upgrade the Third-Party Product Component before the Product is compromised. Typically, the first broadly-scanning exploits for the vulnerability are detected across the internet within 24 hours, so fixing the issue on the day it is reported or, at most, within the first 48 hours is essential.
High-profile customer data breaches have shown repeatedly that if a central team is tasked with knowing of these vulnerabilities and ensuring they get fixed by the Product Teams, then the response time is too slow and the Product Delivery Organisation has a serious security incident with a potentially large financial penalty. Product Teams know which Third-Party Product Components they’re using and which versions. They are best placed to know and respond to critical vulnerabilities. The Product Lead is accountable for this happening.
This objective seems obvious but is stated for clarity on an important issue that this framework addresses. A Product Team maintaining a Product Inventory that the Product Delivery Organisation is not aware of brings a lot of risks.
All Product Teams’ Product Inventories must be accessible by the Product Delivery Organisation to allow risks to be managed and better-informed decisions to be made. The Product Lead is accountable for this happening.