UPDATE! The community will go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
Cadet 2nd Class

Security patch policy

Hi,

Does anyone know of a public document that explains HPE's or MF's official policy on the release of security patches for supported Connector and Logger appliances?

We've had a security scan done on appliances that have the September 2017 security patch installed. Over 70 CVEs have been identified, and our security department is asking me to document what the official commitment of the vendor is on this.

I've opened a call, insisting that what I'm looking for is a long-term general commitment, such as upgrading RHEL over time, rather than a ton of security patches outright (which I think is reasonable, as there are many issues).

To be polite, Tier-1 support has been giving me the runaround for weeks and I'm starting to lose patience. Considering these appliances are a security product, I was expecting to be taken seriously.

Thank you

2 Replies
Commodore

This does not answer your question specifically, but the HP ArcSight Appliance Hardening Guidelines (KM00285646) provide some insight into the pre-release testing.

https://community.microfocus.com/t5/ArcSight-Archive-Docs-Other/HP-ArcSight-Appliance-Hardening-Guidelines/ta-p/1585771

Cadet 2nd Class

Thanks evknott1! This is indeed not exactly what I need, but better than nothing and I'll file it with the non-compliance report I've received. In the meantime, I'm not sure if it's a coincidence, but Tech Support came around with a statement that should suffice.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.