As of June 30, to upload or update an app that allows creating accounts, options to delete them must be provided.
Security in Mission Critical Applications: Case 'Uruguay gets vaccinated'
On March 1, 2021, the first stage of the COVID-19 Vaccination Plan was activated in Uruguay, under the slogan #Uruguaysevacuna.
As vaccines were limited at that time, government authorities decided to prioritize at-risk groups, consisting of patients with morbidities and workers who could be more exposed to contracting the virus, such as health and education personnel, police officers, firefighters, among others. They would then move on to the rest of the population.
For the vaccination to take place in an orderly and safe manner, a digital agenda
was created with GeneXus
, accessible from the web, from the CoronavirusUY mobile application (
) and from a chat.
The system had to be developed in record time. Positive cases were increasing, as was the mortality rate related to this disease. Having vaccinations and not being able to administer them due to system failures was not an option. That is why the software developed with Low-Code for #Uruguaysevacuna is considered a Mission Critical Application
So it was that in just 2 weeks, a multidisciplinary team created the first version of this solution that allowed 2 million people, over 18 years of age, and eligible to receive the COVID-19 vaccine, to request their schedule, get vaccinated at the assigned time, place and date, and then be notified to apply the second dose.
“The system had to support a high level of transactions. What was expected was that at specific moments we would receive a lot of requests at the same time, then this number of requests would go down but could go up in the face of different events and generate peaks. Our challenge consisted of developing a secure system in accordance with the legislation of the National Integrated Health System of the Eastern Republic of Uruguay,” explains
, Computer Engineer, IT Security Specialist and Security Manager at
A risk-oriented approach
- This system was built by people working in remote mode.
- The security issue fell on everyone, from business analysts, to testers, developers, and software architects.
They had to be effective and efficient. To achieve this, and long before starting the coding process, they focused on IT security, identifying:
- The major risks they had to mitigate.
- The risks they were not going to mitigate but had to know how they were going to manage them.
“Of all the activities we could do with security in mind, we decided in this first iteration to take into account the four with the most added value, which are Threat Modeling, Architecture Risk Analysis, Security Requirements Definition and Security Testing,” Canedo details.
To learn more about this topic, we invite you to watch the talk Application Security in Mission-critical Software: A Proactive and Cost Effective Approach, given by Canedo at the last edition of GeneXus Live.