Plant SCADA Patching?

AVEVA has a vulnerability management policy and procedure that is aligned with ISO 30111 standards and the CVSS classification methodology. 3rd party vendor tools that specialize in Software Cyber Security audits are used to help our internal teams with Decisions and resulting actions that are captured and executed to contain/remediate the incidents for continual improvement of software development. We do not provide recommended tools from any specific vendors, similar to that of Anti-Virus software. Any Cyber Security software scanning tool should be able to be used that works with Commercial Off the Shelf Software that is used to scan 3rd part software. Also, please advise the customer that Plant SCADA 2018 R2 is no longer on Mainstream support, and that most of these fixes identified go onto the main branch of mainstream supported versions of the product. Step 1 would be to get the customer on the latest released version as regardless of Cybersecurity Scanning tools used, the later releases will provide more robust security fixes at the various levels of the ISO 30111 standards. Hope this helps, please ping me offline for more details on this topic, so I can work more in alignment with the AVEVA Global Cyber Security team which is across all products, of which may not be monitoring the Plant SCADA forum. 

AVEVA has a vulnerability management policy and procedure that is aligned with ISO 30111 standards and the CVSS classification methodology. 3rd party vendor tools that specialize in Software Cyber Security audits are used to help our internal teams with Decisions and resulting actions that are captured and executed to contain/remediate the incidents for continual improvement of software development. We do not provide recommended tools from any specific vendors, similar to that of Anti-Virus software. Any Cyber Security software scanning tool should be able to be used that works with Commercial Off the Shelf Software that is used to scan 3rd part software. Also, please advise the customer that Plant SCADA 2018 R2 is no longer on Mainstream support, and that most of these fixes identified go onto the main branch of mainstream supported versions of the product. Step 1 would be to get the customer on the latest released version as regardless of Cybersecurity Scanning tools used, the later releases will provide more robust security fixes at the various levels of the ISO 30111 standards. Hope this helps, please ping me offline for more details on this topic, so I can work more in alignment with the AVEVA Global Cyber Security team which is across all products, of which may not be monitoring the Plant SCADA forum.