Alibaba Could adopts the shared responsibility model.

  • Alibaba Could is responsible for the security of the virtualization layer and layers below it, including the entire process from the virtualization layer to the physical environment.
  • Users are responsible for the security of the operating system and layers above it, including the operating system itself, software installed on the operating system, and running business.
    Note The operating system can use images from Marketplace or images uploaded by users.

Example of the shared responsibility model

A real estate developer is responsible for the foundation of apartment buildings and fire protection in the public space of these buildings, while homeowners are responsible for the interiors of the apartments.

The operating system can be likened to the walls and floors of the apartment, which users can paint and decorate as needed.

Category of software vulnerabilities

  • Linux software vulnerabilities

    The vulnerabilities in software such as SSH, MySQL, and Vim that are installed on Linux servers.

  • Windows system vulnerabilities

    The Windows vulnerability update patches released by Microsoft.

  • Web application vulnerabilities

    The vulnerabilities on a website or other Web systems running on the server.

Benefits

  • Time-saving

    With the software vulnerability feature, the closed loop of "Locate vulnerability-affected scope > Fix vulnerability (Fix or Generate Fix Command) > Verify after fix" greatly reduces the time required to handle the vulnerabilities.

  • Vulnerability operations

    Each vulnerability discovered by the software vulnerability feature is checked and verified by the backend security operation engineers in Alibaba Cloud.

  • Vulnerability intelligence

    The software vulnerability feature shares all vulnerability intelligence source of Alibaba Group, covering large volumes of vulnerabilities and allowing you to quickly identify vulnerabilities.

References

Linux software vulnerabilities

Windows software vulnerabilities

How do I manually detect system software vulnerabilities?