PROTECT

ORIGINA’S VULNERABILITY ADVISORIES

A VULNERABILITY IS A WEAKNESS OR FLAW IN COMPUTER SOFTWARE THAT CAN BE, AND OFTEN IS, EXPLOITED BY A THREAT ACTOR.

Vulnerability Advisories

Vulnerabilities can occur because of mistakes in the code development process or because of configuration weaknesses in the installed environment.

All computer systems have vulnerabilities. If you do not address them, vulnerabilities can have an adverse effect on software performance and provide threat actors with an opportunity to exploit the weakness.

The Common Vulnerabilities and Exposures (CVE) list, https://cve.mitre.org/cve, publishes and categorizes publicly disclosed security vulnerabilities and exposures in computer software.The list was established In 1999 by the MITRE Corporation, a nonprofit organization that is sponsored by the National Cyber Security Division of the US Department of Homeland Security.

When a new vulnerability is discovered by security researchers, it is added to the CVE list so that vendors and organizations can protect their products and systems. In most cases, the software vendor releases a software patch or fix to address the vulnerability. Under a process called Responsible Vulnerability Disclosure (RVD), vendors are informed about vulnerabilities in advance of publication. There is no requirement on vendors to develop a timely software fix and, meantime, you remain vulnerable to the risk.

Vulnerability solutions take time to develop and there is no guarantee that a vendor will provide a security fix for a vulnerability, especially if the software version is designated as End of Support (EoS).

ORIGINA’S VULNERABILITY ADVISORY SERVICE

When your organization moves your IBM software support to Origina, you are entitled to all software patches and fix packs that were released until your support agreement with IBM expires. However, you are not entitled to patches for vulnerabilities that are released after the expiry of your IBM S&S agreement. Origina’s Vulnerability Advisory service monitors IBM security bulletins and responds with pragmatic solutions that mitigate the threat of the vulnerability.

HOW DO VULNERABILITY ADVISORIES WORK?

When IBM publishes a new security bulletin for an IBM software product, if the vulnerability is critical, Origina’s independent Global IBM Experts and cybersecurity teams collaborate to write a vulnerability advisory.

The potential risk of a vulnerability is assessed according to three primary factors:

EXISTENCE

The existence of a known vulnerability in the software product

ACCESS

The possibility that a threat actor could gain access to the vulnerability

EXPLOIT

The capability of the threat actor to take advantage of the vulnerability

Our experts focus on the access and exploit characteristics of each vulnerability so that they can identify the appropriate mitigating solution.

 

Origina sets out all the critical threat intelligence relating to the vulnerability of software that we support in one central location to help you to respond to vulnerabilities quickly and effectively. Each vulnerability advisory includes the severity score, lists the affected product versions, and characterizes the type of weakness it represents.

The Vulnerability Advisory service also offers recommended solutions for how to prevent exposure. These solutions take many forms, including:

  • Application of a security patch or fix pack that you are entitled to but have not yet applied

  • Changes to the configuration of integrated products

  • Independent patch development

  • Advice on how to minimize the risk, for example by changing work practices

  • Deployment of a virtual patch through Origina’s Vulnerability Shielding service

Origina’s Vulnerability Advisory service ensures that you are always notified of new critical security threats facing your IBM software, along with solutions to mitigate threats, regardless of which product version you are using.

Support doesn’t necessarily end when we notify you of vulnerabilities and solutions. Unlike vendor-supplied software support, as an Origina customer, you can draw upon the experience of our independent Global IBM Experts to implement the recommended solution for you.

PROTECTED FROM START TO FINISH

Because we provide full support for all IBM software product versions, from the latest version to versions that are designated as end-of support by IBM, you receive hands-on and close support to protect your software for the duration of your contract with Origina. Moreover, if you deploy patches or solutions that Origina creates, you receive a perpetual right to use them even if you do end your support with Origina in the future.

Vulnerability Advisory Features:

  • Prompt, proactive alerts of emerging critical security vulnerabilities delivered to technical product owners
  • Full support to advise and mitigate security vulnerabilities regardless of software version
  • Range of solutions that include, but can also go beyond, traditional software patches to mitigate or extinguish vulnerabilities
  • Assistance with implementing solutions to ensure complete protection from vulnerability

CapitalOne is a financial services business which works with Origina for third-party IBM support.
Logo T-Mobile
Southern California Edison is a utilities company and is a third-party support customer of Origina for IBM software.
logo BT
Logo Sainsburys Argos
Canon logo
Valvoline logo
Societe Generale
Novartis logo
Acxiom logo
Global Foundries logo
Pladis logo
WEC Energy Group logo

get better software support for your business

See how much you could save by switching to Origina

upgrade your support
Female customer service agent