IBM remains committed to ensuring our customers are successful with the IBM software portfolio. With the increased concern regarding software vulnerabilities and other significant issues, IBM offers several methods to promptly notify customers of these types of issues.
Proactive Notification of Security Vulnerabilities
IBM is committed to providing customers with the information to help customers assess the impact of security vulnerabilities.
- A Security Vulnerability is defined as a set of conditions in the design, implementation, operation or management of a product or service that is unable to prevent an attack by a party resulting in exploitations such as controlling or disrupting operation, compromising (i.e. deleting, altering or extracting) data or assuming ungranted trust or identity. IBM’s policy is to communicate information about Security Vulnerabilities.
To receive Security Bulletins, which contain information about security vulnerabilities, edit your profile under 'My Notifications' and subscribe to the product(s) that you would like to receive.Security Bulletins Additionally, for Security Vulnerabilities, the following sources also exist:
- Using the knowledge base, Security Vulnerabilities can be found using the search string ‘Security_Vulnerability’.
- Other forums, including, but not limited to, CERT or SecurityFocus, may also contain information about Security Vulnerabilities.
Potential IBM product security vulnerabilities can be reported to IBM in the following ways:
- Customers should submit the issue via a IBM Service Request
- Security consultants and research teams should submit the issue to the IBM Product Security Incident Response Team (PSIRT)