https://community.databricks.com/t5/administration-architecture/security-and-vulnerability-for-azure-databricks-clusters-in-data/m-p/56342#M717 <P>Hi Aria,</P><P>can you check <A href="https://www.databricks.com/trust/trust" target="_self">this link</A>?</P><P>Basically Databricks checks for vulnerabilities and does pentesting etc.</P><P><EM>"Databricks will use commercially reasonable efforts to address critical vulnerabilities within 14 days, high severity within 30 days, and medium severity within 60 days measured from, with respect to publicly declared third party vulnerabilities, the date of availability of a compatible, vendor-supplied patch, or for internal vulnerabilities, from the date such vulnerability is confirmed. Databricks leverages the National Vulnerability Database’s Common Vulnerability Scoring System (CVSS), or where applicable, the U.S.-Cert rating, combined with an internal analysis of contextual risk to determine criticality."</EM></P> Wed, 03 Jan 2024 09:07:20 GMT -werners- 2024-01-03T09:07:20Z https://community.databricks.com/t5/administration-architecture/security-and-vulnerability-for-azure-databricks-clusters-in-data/m-p/56319#M716 <P>Microsoft defender is not supported for azure databricks clusters. Can someone point me to a document which describe how the security vulnerabilities are reported and fixed for azure databricks clusters in data plane.</P> Tue, 02 Jan 2024 20:43:14 GMT https://community.databricks.com/t5/administration-architecture/security-and-vulnerability-for-azure-databricks-clusters-in-data/m-p/56319#M716 Aria 2024-01-02T20:43:14Z https://community.databricks.com/t5/administration-architecture/security-and-vulnerability-for-azure-databricks-clusters-in-data/m-p/56342#M717 <P>Hi Aria,</P><P>can you check <A href="https://www.databricks.com/trust/trust" target="_self">this link</A>?</P><P>Basically Databricks checks for vulnerabilities and does pentesting etc.</P><P><EM>"Databricks will use commercially reasonable efforts to address critical vulnerabilities within 14 days, high severity within 30 days, and medium severity within 60 days measured from, with respect to publicly declared third party vulnerabilities, the date of availability of a compatible, vendor-supplied patch, or for internal vulnerabilities, from the date such vulnerability is confirmed. Databricks leverages the National Vulnerability Database’s Common Vulnerability Scoring System (CVSS), or where applicable, the U.S.-Cert rating, combined with an internal analysis of contextual risk to determine criticality."</EM></P> Wed, 03 Jan 2024 09:07:20 GMT https://community.databricks.com/t5/administration-architecture/security-and-vulnerability-for-azure-databricks-clusters-in-data/m-p/56342#M717 -werners- 2024-01-03T09:07:20Z