v2.4.0 | Report Errata
docs security docs security

Documented Schedule, Zero-Day Process & Staging Testing

Operating system, framework, and dependency patches are applied by the engineering team on a documented schedule. The patch management policy specifies the cadence for routine patches (monthly or aligned with the CI/CD release cycle), the process for applying patches, and the testing requirements before production deployment.

Emergency patches for zero-day vulnerabilities follow an expedited process. When a zero-day affecting any system component is disclosed, the security team assesses the exposure, the engineering team prepares the patch, and the patch is tested in the staging environment before production deployment. The expedited process has a shorter SLA (24–72 hours for critical zero-days) and may bypass certain non-essential pipeline stages, though the core validation gates (performance, fairness, robustness) should still run to confirm the patch does not introduce regressions.

All patches, including emergency patches, are tested in the staging environment before production deployment. The staging test confirms that the patch resolves the vulnerability, that no regressions have been introduced, and that the system’s declared performance and fairness metrics remain within thresholds. The patch management schedule, the zero-day process, and the staging test results are documented in Module 9.

Key outputs

  • Documented patch schedule with cadence and process
  • Zero-day expedited process with shortened SLAs
  • Mandatory staging testing for all patches
  • Module 9 AISDP documentation
On This Page