Showing results for 
Search instead for 
Did you mean: 
Level 3
Status: New

Developers can open, edit and run codes with stage logging disabled in debug mode and leave no traceability. In development environment, this does not represent any risks, but in environments connected with live data as pre-prod or as emergency environment as it is called where I work, this represents a risk.
A developer can open a code, edit it to her/his will, execute in debug mode with logging disabled, then close the code without saving. The described steps would allow a developer to influence a process outcome with live data with no traceability, and that should be seen as a vulnerability of the application even though it can be prevented via administrative procedures and privileges limitations, but Blue Prism itself states to expose the code to live data for final adjustments before going fully live, where people will understand that it is "ok" to have live data and a developer making final adjustments.
Organizations acknowledging this risk, will resort to administrative efforts to cover it as applying 4-eyes principle for interventions that includes live data, but then, if there was a way to create this guarantee of traceability, it wouldn't prevent the impact, but it would enable organizations to find out who was responsible for such actions, and as it would be in place, would be one less reason for someone to think about creating harm.

The idea is: create a way to force changes to be logged in the Blue Prism instance/environment, independent from developer action of saving her/his changes.