How is NationBuilder prepared to handle the Meltdown and Spectre vulnerabilities?
The Meltdown and Spectre vulnerabilities that were announced publicly on January 3rd affect nearly every modern computer, smartphone, tablet and web browser. The sheer breadth of the impact can feel overwhelming and drastic. It’s important to remember that in order for an attacker to exploit either of these vulnerabilities, he or she would need to directly execute code on the computer or device. This makes the likelihood that one particular computer or server was impacted very small.
Still, we’re taking these vulnerabilities and the risk that they pose very seriously. Luckily, the companies that make the software and products directly impacted by these vulnerabilities have been working on fixes (or patches) for nearly two months before the existence of these vulnerabilities became widely publicly known.These are the same companies that create the software, computers, and phones that both you and I use on a daily basis. Many of them have already released fixes for some or all known aspects of Meltdown and Spectre. If you have updated your software with these fixes, you no longer have exposure to these vulnerabilities.
For NationBuilder, the cloud provider we use - Amazon AWS - has already upgraded their systems to prevent both vulnerabilities. So, the data stored in the cloud is protected from these vulnerabilities. Likewise, the software on the computers our team uses have also been updated to patch any exposure to Meltdown and Spectre. Our engineering team is evaluating the additional patches as they’re released. If necessary and safe, they are then scheduling a prompt deployment of the patches to our platform. Additionally, we’re in communication with the other vendors we use as they test and deploy any necessary updates to ensure they are taking the necessary precautions to secure their systems against Meltdown and Spectre.
At this time, we have no reason to believe that our production and development systems have been impacted in any way by these vulnerabilities. We will continue to evaluate this issue and any additional patches that may be released and will provide further updates as necessary.
Complete and current information on how to use NationBuilder is available in the documentation section.