4/22/09

SAP Security Notes 'Disclosure'

SAP CEOs Kagermann & Apotheker have sent out a message in which they urgently address the need to implement the following OSS Notes:
Note 1298160 - Security note: Forbidden program execution possible
Note 1168813 - Security note: Program DISPLAY_FUNC_INCLUDE
Note 1167258 - Security note: Program RS_REPAIR_SOURCE
Note 1304803 - Security note: Changing a transport without authorization

I was especially triggered by the sentence: "We have noticed that the number of customers who access and execute these critical security-related service notes is below our expectation."
In my opinion this is due to the fact that Security Notes are not included in the SAP Support Portal Newsletter and that there is no possibility of subscribing to an RSS feed.

I sent out a mail to secure@sap.com and I got a very prompt response:

Dear Mr Borsboom,

Thanks for the idea.

Actually, we are planning to get rid of the manually maintained list. In future - I cannot state any date yet - we may handle security notes like "HotNews" notes. Then, any new security note would show up in the SAP Support Portal Newsletter.

An RSS feed would be an alternative, but at present I can only promise that we will consider it.


Best regards,

Bernd Reske
Product Security Response Team
SAP AG
Dietmar-Hopp-Allee 16
69190 Walldorf, Germany
mailto:secure@sap.com
http://www.sap.com
http://www.sap.com/security
http://service.sap.com/securitynotes
