Reset Search
 

 

Article

KB16613 - Overview of the Pulse Secure SIRT Quarterly Security Bulletin Publication Process

« Go Back

Information

 
Last Modified Date10/22/2018 7:13 PM
Synopsis

What is the process and schedule used by the Pulse Secure SIRT for disclosing information regarding vulnerability-related issues to customers?

Problem or Goal
Cause
Solution

The Pulse Secure Security Incident Response Team (PSIRT) constrains the publication of Pulse Secure Security Advisories and Security Notices for non-urgent issues to a predefined quarterly schedule of the second Wednesday of January, April, July and October covering all Pulse Secure products.

In exceptional circumstances, the Pulse Secure SIRT may publish an out-of-cycle Security Advisory or Security Notice, but that is intended to be a rare event.  Examples include, but are not limited to, active malicious exploitation of a zero-day Pulse Secure vulnerability, or perhaps a multi-vendor issue in which all participating parties must publish simultaneously on a schedule negotiated by an external coordinating agency.

The Pulse Secure SIRT considers numerous criteria for determining if an issue warrants SIRT attention and, if so, how and to what range of products and software releases a fix will be applied and also how and when the issue will be published. The Pulse Secure SIRT uses the Common Vulnerability Scoring System version 3 (CVSSv3) to rank an issue as one factor in its evaluation. Information for how Pulse Secure uses CVSS can be found in KB16446 - Common Vulnerability Scoring System (CVSS) and Pulse Secure's Security Advisories in the Related Links section below.

More information regarding the Pulse Secure SIRT, including methods by which to report a product security vulnerability, is also available in the Related Links section below.

Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255