Our vulnerability team is always raising the alarm on recently announced CVEs which trigger alerts in their scanning engine. It would be invaluable to have a form on Community that we could use to submit a range of CVE numbers that the site could then cross reference against the SecurID products. This cross referencing would allow us to find out which CVEs affect SecurID products and which ones are false positives. Right now we have to constantly raise requests with our DSE for investigating this.
Ideally this cross-referencing utility would look through the provided list of vulnerabilities and determine 1) are these CVEs known to RSA, 2) exploitable or false positives, 3) what version and patch level remediates an issue, and 4) a link to KB(s) that would outline RSA's response to the CVE(s).