Vulnerabilities can occur because of mistakes in the code development process or because of configuration weaknesses in the installed environment.
All computer systems have vulnerabilities. If you do not address them, vulnerabilities can have an adverse effect on software performance and provide threat actors with an opportunity to exploit the weakness.
The Common Vulnerabilities and Exposures (CVE) list, https://cve.mitre.org/cve, publishes and categorizes publicly disclosed security vulnerabilities and exposures in computer software. The list was established in 1999 by the MITRE Corporation, a nonprofit organization that is sponsored by the National Cyber Security Division of the US Department of Homeland Security.
When a new vulnerability is discovered by security researchers, it is added to the CVE list so that vendors and organizations can protect their products and systems. In most cases, the software vendor releases a software patch or fix to address the vulnerability. Under a process called Responsible Vulnerability Disclosure (RVD), vendors are informed about vulnerabilities in advance of publication. There is no requirement on vendors to develop a timely software fix and, in the meantime, you remain vulnerable to the risk.
When your organization moves your IBM software support to Origina, you are entitled to all software patches and fix packs that were released until your support agreement with IBM expires. However, you are not entitled to patches for vulnerabilities that are released after the expiry of your IBM S&S agreement. Origina’s Vulnerability Advisory service monitors IBM security bulletins and responds with pragmatic solutions that mitigate the threat of the vulnerability.
When IBM publishes a new security bulletin for an IBM software product, if the vulnerability is critical, Origina’s independent Global IBM Experts and cybersecurity teams collaborate to write a vulnerability advisory.
The potential risk of a vulnerability is assessed according to three primary factors:
The existence of a known vulnerability in the software product
The possibility that a threat actor could gain access to the vulnerability
The capability of the threat actor to take advantage of the vulnerability
Our experts focus on the access and exploit characteristics of each vulnerability so that they can identify the appropriate mitigating solution.
Origina sets out all the critical threat intelligence relating to the vulnerability of software that we support in one central location to help you to respond to vulnerabilities quickly and effectively. Each vulnerability advisory includes the severity score, lists the affected product versions, and characterizes the type of weakness it represents.
Application of a security patch or fix pack that you are entitled to but have not yet applied
Changes to the configuration of integrated products
Independent patch development
Advice on how to minimize the risk, for example by changing work practices
Deployment of a virtual patch through Origina’s Vulnerability Shielding service
Origina’s Vulnerability Advisory service ensures that you are always notified of new critical security threats facing your IBM software, along with solutions to mitigate threats, regardless of which product version you are using.
Support doesn’t necessarily end when we notify you of vulnerabilities and solutions. Unlike vendor-supplied software support, as an Origina customer, you can draw upon the experience of our independent Global IBM Experts to implement the recommended solution for you.
Because we provide full support for all IBM software product versions, from the latest version to versions that are designated as end-of-support by IBM, you receive hands-on and close support to protect your software for the duration of your contract with Origina. Moreover, if you deploy patches or solutions that Origina creates, you receive a perpetual right to use them even if you do end your support with Origina in the future.