Announcement

Collapse
No announcement yet.

Adding dates to the "Updates Available" list

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Adding dates to the "Updates Available" list

    We were recently charged a non-compliance fee because we had not run updates using the Updates Available button in our Miva 9.x store. We take special care before running updates because we have many old modules (have been with Miva since the 4.x days). We therefore may not have time to run the updates immediately upon release.

    I understand the need to update our stores due to security patches and updates. However, what I do not understand is how Miva can charge non-compliance fees 30 or 90 days after a release without first notifying customers...

    1) that they are about to be charged because they need to run a particular update

    2) which updates need to be run in 30 days and which need to be run in 90 days

    3) what date what a release is made. How can we know if we are not in compliance 30 or 90 days after a release has been posted if the release dates are not listed next to the updates?

    #2
    It would be nice to have some sort of date displaying in the Update button and maybe even a different color for security updates so we know to get to that update ASAP.
    Leslie Kirk
    Miva Certified Developer
    Miva Merchant Specialist since 1997
    Previously of Webs Your Way
    (aka Leslie Nord leslienord)

    Email me: [email protected]
    www.lesliekirk.com

    Follow me: Twitter | Facebook | FourSquare | Pinterest | Flickr

    Comment


      #3
      upvoted
      Bruce Golub
      Phosphor Media - "Your Success is our Business"

      Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
      phosphormedia.com

      Comment


        #4
        That's a good idea, but isn't going to happen until V10. Luckily we've never had a security update, so that date has never been an issue (yet).
        Thanks,

        Rick Wilson
        CEO
        Miva, Inc.
        [email protected]
        https://www.miva.com

        Comment


          #5
          When I called about the fee I was charged, the tech support person told me that one of the updates was a security update and the rest were not.

          Miva seriously lacks transparency when it comes to charging fees. It's shady and all the angry comments and feedback around the web about Miva reflect this.

          EDIT...and if the updates are not related to security, then why do you have to force them and charge a fee? I can't imagine ever replying "it's not going to happen" to one of my customers who sent us a suggestion.
          Last edited by lovemybubbles; 05-03-16, 04:53 AM.

          Comment


            #6
            All of our billing has always been on our standard update policy, we've never billed for a security update, so is it possible a tech used the wrong word? Yes.

            Is it possible you were charged improperly? No.

            The policy is VERY simple. All sites (dev or live, used or not) that are on a publicly available IP address (so it doesn't matter if it's password protected, IP whitelisted, etc... those tools can all be bypassed by hackers) must be kept up to date by the PCI Standards definition of up to date software.

            That is you have 90 days from the date of initial release to update your software. If you don't we charge a Non Compliance Fee. We also needed to decide when to End of Life software and we do that 1 year after software has gone Non-Compliant.

            So in simple terms, you have 90 days from a release to hit that button to avoid an NCF and 15 months to avoid EOL.

            The only acceleration to that (which we've never had to use thankfully) is for a PCI marked "Security" update, which then updates the 90 days to only 30. If that ever happens, we'd make it as well known as we possibly could, including using an in admin banner.
            Thanks,

            Rick Wilson
            CEO
            Miva, Inc.
            [email protected]
            https://www.miva.com

            Comment


              #7
              You're confused on the term Security here. Running out of date software is fundamentally an insecure choice, and we use the PCI Councils rules for timelines to updates. So in essence they're "all about security".

              However the PCI Council also has a "Security" definition of an update (like when Heartbleed hit the internet a couple years ago) and those updates/patches must be applied within 30 days.

              I understand your confusion, but fighting on semantics is silly.
              Thanks,

              Rick Wilson
              CEO
              Miva, Inc.
              [email protected]
              https://www.miva.com

              Comment


                #8
                Originally posted by lovemybubbles View Post
                I can't imagine ever replying "it's not going to happen" to one of my customers who sent us a suggestion.
                That's not exactly what Rick wrote. Read it again. When you don't leave off the words at the end, it has a very different meaning.

                If you did that by accident, well to err is human. If not... people who misquote and misrepresent tend to lose credibility in arguments, at least in forums like this where rational thought occurs on a regular basis.
                Gordon Currie
                Phosphor Media - "Your Success is our Business"

                Improve Your Customer Service | Get MORE Customers | Edit Any Document Easily | Free Modules | Follow Us on Facebook
                phosphormedia.com

                Comment

                Working...
                X