Hello Miva:
Found this policy statement recently. Please comment on the rationality of it.
"As Miva has evolved, we’ve built a unique, hybrid Software-as-a-Service (SaaS) platform that
allows our customers to retain the control and independence of distributed
software, while having the easy upgrades we’ve all come to expect from SaaS
platforms. It’s time we refine and formalize our policies on when software is
officially EOL (End of Life), and update our Non-Compliance Fee (NCF) policies
accordingly.
Most Software-as-a-Service platforms don’t give you a choice when it comes to
upgrades – you simply log in one day and your platform has been upgraded for you,
whether you like it or not, and whether it negatively impacts your business or
not.
Miva has chosen a different path. While providing the type of seamless upgrades and updates people
have come to expect from Software-as-a-Service, we don’t force you to upgrade
before you’re ready. The downside to this path is that, often times, people will
choose to run out-of-date software; and in this day and age, it’s simply not a
wise, safe or prudent choice to run out-of-date software.
We specifically created and use the Non-Compliance Fee program as an economic incentive program
to encourage people to update their stores regularly.
For example, in my opinion, it is simply not safe to run any version of Miva Merchant prior to 5.5
Production Release 8 Update 7 (which was released on October 16, 2012, over two
and a half years ago), yet we still have many customers who choose to run Miva
Merchant 5.5 PR8 Update 6 or older (including people still running 2.x stores,
which was released way back in 1999).
Going forward, Miva Merchant software will be considered EOL (End of Life) when either
of these 2 circumstances is met:
1. Software has been officially Non-Compliant due to normal software releases, from
the perspective of PCI software updates, for more than 12 Months. In other
words, 15 months after the release of a new update, software will officially
become EOL.
or
2. Software that is Non-Compliant due to a security release, from the perspective
of PCI software updates, for more than 3 months. In other words, if we mark an
update as a security-focused update, per the terms of PCI compliance, older
software will be considered EOL 4 months after the security update is
released.
What impact does Miva marking a product as End of Life have on you, the merchant?
First and foremost, it means we will not, under any circumstances, release a patch, update
or upgrade for that version. The most common use cases would be either an API
change by a provider (say for example USPS changes its rating API, we will not
be releasing an updated USPS module to work on any EOL version of Miva
Merchant).
Second, when there are system-level security changes (such as POODLE in 2014), we will not be
releasing a patch or engine upgrade to keep EOL software fully operational on
modern Operating Systems.
Non-Compliance Fee program changes:
Currently, we have a varied Non-Compliance Fee program that means you pay a different fee depending
on if you’re hosted by a third party or directly with us; and, if you’re hosted
with us, your fee varies based on the plan you have.
Going forward, we’re standardizing our Non-Compliance Fee program to a flat rate program. Your
NCF will be $50 per month, if you’re running Non-Compliant but non-EOL’d
software; or, it will be $100 per month, if you’re running Non-Compliant and
EOL’d software."