It may have following types of security vulnerabilities for ThingWorx:
- Third party components (Tomcat, Java, database, OS, etc.)
- ThingWorx itself
For security vulnerabilities of the third party applications, generally it needs to update the third party components to fix the issues. But because of the compatibility consideration, sometimes it needs to update/upgrade ThingWorx to fit the updated third-party application.
Unfortunately it generally needs much more time to upgrade ThingWorx than updating the third party application.
So it will help to decrease the customer's efforts a lot if:
- ThingWorx vulnerabilities could be fixed by hot-fix or security-update-patch(SUP), without upgradin ThingWorx.
- Make ThingWorx support more releases of the third party components. This is to avoid upgrading ThingWorx frequently.