Application Performance Monitoring, Logging and Systems Monitoring continue to be critical for secure and reliable platform operations. A key decision is whether to buy or build such a service – there are any number of commercial services that cover a wide spectrum and an equal number of mature open source “do-it-yourself” options such as Elasticsearch, Logstash and Kibana amongst others. Major platform and service providers such Netflix (SURO), LinkedIn (NAARAD), and Google (DAPPER) have developed their own logging, monitoring and service reliability support systems. There is a lot of innovation in this space both in the open source and commercial arena. Here is an interesting article about Cloudant, which is a database as a service provider, that decided to build their own solution using open source components including –

CVSS In Transition: CISA BOD 26-04, FedRAMP VDR, and the Rise of Risk-Based Vulnerability Management
Introduction CISA’s Binding Operational Directive 26-04, “Prioritizing Security Updates Based on Risk,” is a game changer leading the transition to risk-based vulnerability management. For years,

