Announcement of vulnerability advisories

  • 5
  • Idea
  • Updated 2 years ago
  • Implemented
Where could i found vulnerability advisories of Extreme Network products? I only can found some publications related to the Heartbleed vulnerability. Open source code of different projects is used in the software/firmware of many Extreme products. Can't believe the software is bug free (security related bugs) all the time. Would be great to make the security management process more transparent to the customers.
Photo of Hartmut Sachse

Hartmut Sachse

  • 2,598 Points 2k badge 2x thumb

Posted 4 years ago

  • 5
Photo of John Valentine

John Valentine, Sr. Solutions Engineer

  • 200 Points 100 badge 2x thumb
Agreed.  And in many cases, our government customers expect to see such information.  Maybe not everything, but a significant amount.  Thnx
Photo of Ryan Mathews

Ryan Mathews, Alum

  • 8,988 Points 5k badge 2x thumb
Here's where how to access these vulnerabilities for now:
http://gtacknowledge.extremenetworks.com/articles/Q_A/Where-can-I-find-information-about-security/?l...

Working on an even more real-time process and will keep community updated as we progress.  Hope to have these in GTAC Knowledge going forward.
Photo of Hartmut Sachse

Hartmut Sachse

  • 2,598 Points 2k badge 2x thumb
Thanks. First step in the right direction.
Photo of Ryan Mathews

Ryan Mathews, Alum

  • 8,988 Points 5k badge 2x thumb
An update to the VN-2015-004_Bar-Mitzvah_CVE-2015-2808 (Revision 03) has been posted.

http://learn.extremenetworks.com/rs/extreme/images/VN-2015-004_Bar-Mitzvah.pdf

Note, we're still working on getting these in to GTAC Knowledge, so delivery will be a bit more dynamic.  Very close now and will keep you posted on progress.


Photo of Bruce Garlock

Bruce Garlock

  • 612 Points 500 badge 2x thumb
Hello, any chance you can publish a RSS feed for these vulnerabilities?  I have other vendors and CERT advisories as a RSS feed, and it makes it so much easier than managing emails or visiting sites.  
Photo of Ryan Mathews

Ryan Mathews, Alum

  • 8,988 Points 5k badge 2x thumb
Thanks for the idea Bruce.  We'll look at this.

The current GTAC Knowledge site does not have this capability, as you note here.  We just moved the Vulnerability notifications to GTAC Knowledge to be co-located with the rest of our KB content.  That was a positive improvement and something we received lots good feedback on from our user base.  

Over this calendar year, we're going to move GTAC Knowledge to our new Portal (in development right now) as we retire the sites fulfilling that capability today -- current Support Portal.  This will provide our users a more integrated knowledge delivery capability that will have sourced on the same site as case management, have unified search and a number of other enhancements.  When we make this move, we'll be revisiting how to personalize information flow for our users in the new portal and we'll definitely look at an RSS feed for vulnerability notification.  

I know that's not an immediate answer to your question, but wanted to acknowledge we'll definitely look at this going forward.  Thought it was an opportunity to give you insight on some of the behind the scenes planning in the works right now.  I think the Community is really going to like our improved user experience once its ready for prime time.
Photo of Thomas, Ken

Thomas, Ken, Alum

  • 4,368 Points 4k badge 2x thumb
Bruce, the article Ryan listed above does have the option to sign up to get email notifications which include the vulnerability notices for the products that you are interested in. That is all we have for now and I hope it helps you in the short term.