trackd_logo_dark-1

Will that patch break my stuff?

trackd crowd-sources patch disruption data so you can uncross your fingers.

Frequently Asked Questions

Three things:

  1. We’re the only solution that provides data on how disruptive patches have been on other networks so patching teams have insight into how likely the patch is to break something.
  2. We’re free. Users can find and patch their vulnerabilities with our platform at no charge now and forever.
  3. We were built from a blank sheet of paper to be an organically unified platform that both identifies and patches vulnerabilities in the same solution.
Yes. We built our platform from the ground up to unify the identification of vulnerabilities as well as their remediation, seamlessly.
Yes. We use a very lightweight agent to collect meta-data on the device. The trackd agent idles at 0% CPU, and uses much less than 1% even when communicating with our cloud application, where all correlations and analysis is conducted.
The platform is free to use, and we we’ll be releasing a premium version of our solution in 2024. Without question, however, users will be able to find and patch their vulnerabilities with trackd for free forever.
Every time a user installs a patch with our solution, we collect data on that experience. Specifically, we want to know if applying the patch caused a disruption. We take that disruption data, anonymize it, and then share it with everyone else on our platform. The more our users find and fix their vulnerabilities, the more disruption data that benefits everyone on the platform. In 2024, we’ll release a premium version of the platform.

Our agents collect a few things: installed applications/package name and metadata provided by the maintainer, operating system, logs related to patch installation, hostname and local ip address (these last two things are only necessary because humans need them to reason about their fleet).

Information shared with others on the platform is limited to: how many times a patch that a company needs to apply has been applied historically, number of times our agents detected a disruption while installing that patch, and number of times users have reported manually that a patch was disruptive.

None of this data is shared outside of our application and we have no reliance on any external AI/ML engines (like OpenAI) to conduct our analytics.

We pull CVE data from the NIST National Vulnerability Database (NVD) as well as from software vendor feeds. As soon as a new vulnerability is added to those sources, our solution will include it in our correlation analysis and therefore identify it on our users’ devices. The same goes for patches; when they’re available from the vendors, they’ll be available on our platform.