We have a similarly-shaped problem, of multiple external components integrated into single products, with the variation that rather than deployed by us they are sold to customers, sometimes as software packages and sometimes buried in our own hardware.
The current strategy is manual: from the bottom up, one person tracks issues in external components used in the products, and from the top down, issues in high-profile external components get analyzed for their impact on our products. The latter part seems to be working well but only applies to widely used components; the former part is dependent on our ability to match expertise and attention to particular products.
Updates are expensive both us and our customers (they're friendly about it on the phone to engineers but I gather that sales/PM staff get massive earfuls over it) so the human analysis phase isn't going away in favor of 'always update'.
There is a move to de-integrate certain components in certain contexts, so that customer supplies and updates them instead, but that hasn't happened yet and present and future development strategies will pull in more things than will ever be de-integrated.
i.e. the scale of the problem is going to grow rapidly for us and so I'm interested in any practical answers anyone has l-)
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(no subject)
Date: 2017-06-20 07:52 am (UTC)The current strategy is manual: from the bottom up, one person tracks issues in external components used in the products, and from the top down, issues in high-profile external components get analyzed for their impact on our products. The latter part seems to be working well but only applies to widely used components; the former part is dependent on our ability to match expertise and attention to particular products.
Updates are expensive both us and our customers (they're friendly about it on the phone to engineers but I gather that sales/PM staff get massive earfuls over it) so the human analysis phase isn't going away in favor of 'always update'.
There is a move to de-integrate certain components in certain contexts, so that customer supplies and updates them instead, but that hasn't happened yet and present and future development strategies will pull in more things than will ever be de-integrated.
i.e. the scale of the problem is going to grow rapidly for us and so I'm interested in any practical answers anyone has l-)