Skip to content

Deployer

The deployer role refers to the individual or organization responsible for the fielded systems that use or otherwise depend on products with vulnerabilities.

Deployers include the following:

  • network and cloud infrastructure providers
  • outsourced IT operations
  • in-house IT operations
  • individual users

Deployers typically must take some action in response to a vulnerability in a product they've deployed. Most often this means deploying a patch, but it can also involve the application of security controls, such as reconfiguring defensive systems, adding monitoring or detection rules, or applying mitigations.

Automation of the deployment process increases the efficiency of the deployer's response at the same time it decreases the duration of the risk posed by vulnerable systems. Although the deployer role is primarily concerned with Vulnerability Management practices that sit downstream of CVD, it's worth spending a few moments to understand how it fits in with CVD.

Deployer Vulnerability Response Process

We describe the deployer's vulnerability response process in more detail in the section Deployer Vulnerability Response.