topic Announcement of vulnerability advisories in Network Architecture & Design

Announcement of vulnerability advisories

hsachse — Tue, 16 Sep 2014 17:41:00 GMT

Where could i found vulnerability advisories of Extreme Network products? I only can found some publications related to the Heartbleed vulnerability. Open source code of different projects is used in the software/firmware of many Extreme products. Can't believe the software is bug free (security related bugs) all the time. Would be great to make the security management process more transparent to the customers.

RE: Announcement of vulnerability advisories

John_Valentine — Tue, 16 Sep 2014 17:52:00 GMT

Agreed. And in many cases, our government customers expect to see such information. Maybe not everything, but a significant amount. Thnx

RE: Announcement of vulnerability advisories

Ryan_Mathews — Thu, 14 May 2015 17:58:00 GMT

Here's where how to access these vulnerabilities for now:
http://gtacknowledge.extremenetworks.com/articles/Q_A/Where-can-I-find-information-about-security/?l...

Working on an even more real-time process and will keep community updated as we progress. Hope to have these in GTAC Knowledge going forward.

RE: Announcement of vulnerability advisories

hsachse — Thu, 14 May 2015 17:58:00 GMT

Thanks. First step in the right direction.

RE: Announcement of vulnerability advisories

Ryan_Mathews — Mon, 22 Jun 2015 18:25:00 GMT

An update to the VN-2015-004_Bar-Mitzvah_CVE-2015-2808 (Revision 03) has been posted.

http://learn.extremenetworks.com/rs/extreme/images/VN-2015-004_Bar-Mitzvah.pdf

Update Target Fix Release and Target Month For Release for NetSight and Purview
Full list: http://www.extremenetworks.com/support/software

Note, we're still working on getting these in to GTAC Knowledge, so delivery will be a bit more dynamic. Very close now and will keep you posted on progress.

RE: Announcement of vulnerability advisories

Bruce_Garlock — Tue, 23 Feb 2016 04:35:00 GMT

Hello, any chance you can publish a RSS feed for these vulnerabilities? I have other vendors and CERT advisories as a RSS feed, and it makes it so much easier than managing emails or visiting sites.

RE: Announcement of vulnerability advisories

Ryan_Mathews — Tue, 23 Feb 2016 04:35:00 GMT

Thanks for the idea Bruce. We'll look at this.

The current GTAC Knowledge site does not have this capability, as you note here. We just moved the Vulnerability notifications to GTAC Knowledge to be co-located with the rest of our KB content. That was a positive improvement and something we received lots good feedback on from our user base.

Over this calendar year, we're going to move GTAC Knowledge to our new Portal (in development right now) as we retire the sites fulfilling that capability today -- current Support Portal. This will provide our users a more integrated knowledge delivery capability that will have sourced on the same site as case management, have unified search and a number of other enhancements. When we make this move, we'll be revisiting how to personalize information flow for our users in the new portal and we'll definitely look at an RSS feed for vulnerability notification.

I know that's not an immediate answer to your question, but wanted to acknowledge we'll definitely look at this going forward. Thought it was an opportunity to give you insight on some of the behind the scenes planning in the works right now. I think the Community is really going to like our improved user experience once its ready for prime time.

RE: Announcement of vulnerability advisories

Ken_Thomas — Tue, 23 Feb 2016 04:35:00 GMT

Bruce, the article Ryan listed above does have the option to sign up to get email notifications which include the vulnerability notices for the products that you are interested in. That is all we have for now and I hope it helps you in the short term.