Being part of the Dell Technologies family of businesses means that RSA, like other businesses such as VMware and Dell EMC, need to adhere to certain standards, policies and practices. One such practice involves the accessibility of Security Advisories and knowledge base articles addressing security vulnerabilities, which are referred to as Security KB articles.
Dell is an active participant in the Software Assurance Forum for Excellence in Code (SAFECode: https://safecode.org), the Forum for Incident Response (FIRST: https://www.first.org) and international standards efforts that are developed for vulnerability disclosure and handling such as ISO 29147 and ISO 30111.
As such, the company has recently taken on an initiative to make Security Advisories and Security KB articles even more accessible and transparent to everyone. This means that the access for Security Advisories and High Profile Security KB articles published on RSA Link in 2019 or later to be publicly accessible, which means that visitors will need to have the ability to access this content even when not logged in to the website.
These changes, which will be occurring on March 14th, are explained in the table below.
| Content Type | Current Behavior on RSA Link | Upcoming Changes | Action Plan |
|---|
| Security Advisory | Third Party | - Authentication required to view on RSA Link
- Not visible to public; only visible to customers, partners and employees
- Customers must have active maintenance for the respective RSA product
| - No authentication required to view on RSA Link
- Visible to public (including customers, partners and employees)
- Active maintenance not required to view on RSA Link
- When necessary in certain situations, ability to publish advisory on RSA Link in restricted area (only visible to customers, partners and employees) for certain time frame before making publicly accessible
| - Advisories written in 2019 and beyond will be published to high-level Advisories area
- Advisories published in 2019 prior to roll-out will be migrated accordingly
- Advisories published prior to 2019 will remain in restricted area
- Advisories in high-level area will be shared to the restricted area in order for advisories to be displayed in both locations
|
| RSA Product Code | - Authentication required to view on RSA Link
- Not visible to public; only visible to customers, partners and employees
- Customers must have active maintenance for the respective RSA product
| - No authentication required to view on RSA Link
- Visible to public (including customers, partners and employees)
- Active maintenance not required to view on RSA Link
- When necessary in certain situations, ability to publish advisory on RSA Link in restricted area (only visible to customers, partners and employees) for certain time frame before making publicly accessible
| - Advisories written in 2019 and beyond will be published to high-level Advisories area
- Advisories published in 2019 prior to roll-out will be migrated accordingly
- Advisories published prior to 2019 will remain in restricted area
- Advisories in high-level area will be shared to the restricted area in order for advisories to be displayed in both locations
|
| Security KB | High Profile | - Authentication required to view on RSA Link
- Not visible to public; only visible to customers, partners and employees
- Customers must have active maintenance for the respective RSA product
| - No authentication required to view on RSA Link
- Visible to public (including customers, partners and employees)
- Active maintenance not required to view on RSA Link
- When necessary in certain situations, ability to publish advisory on RSA Link in restricted area (only visible to customers/partners/employees) for certain time frame before making publicly accessible
| - Access controls for existing location on RSA Link will be modified to make articles publicly accessible
- RSA Link team will work closely with the IT teams who manage Salesforce and the integration middleware to implement new functionality to publish restricted articles
|
| False Positives | - No authentication required
- Visible to public
| - Articles published or updated in 2019 and beyond will be published to a restricted section of the respective product knowledge base on RSA Link
- Authentication required to view on RSA Link
- Not visible to public; only visible to customers, partners and employees
| - RSA Link team will work closely with the IT teams to implement new functionality to publish restricted articles
- Customer Support teams will be trained on the new publishing process
|
All customers with active maintenance contracts on RSA Link are automatically subscribed to advisories for their respective products upon registering for an account, and this will still be in effect even after the changes in the table above have been deployed. The transition will in fact be completely transparent to the customers with one exception: Email notifications for security advisories via RSA Link have always had the prefix [PRODUCT_NAME Security Advisories] in the subject line (with PRODUCT_NAME being the name of their product) whereas after the change the prefix will be [PRODUCT_NAME Advisories] without the word "Security" present. This means that any users relying on that prefix for email filtering will need to adjust their filters accordingly.
| Before Transition |
|---|
 |
| After Transition |
|---|
 |
If you have any questions about this information, please contact RSA Customer Support and reference this advisory for further assistance.
