This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Community Support Knowledge Base
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How do I report a security vulnerability identified in a NetWitness product?

RSA-KB-Sync
Administrator Administrator
Administrator

on ‎2020-12-10 06:11 PM - edited on ‎2022-02-25 12:05 PM by Administrator Administrator

This article outlines the correct procedure for reporting a security vulnerability that has been identified in a NetWitness product.
Reference NetWitness Vulnerability Response Policy.

NetWitness strives to help our customers minimize risk associated with security vulnerabilities in our products. Our goal is to provide customers with timely information, guidance and mitigation options to address vulnerabilities. The RSA Product Security Incident Response Team (RSA PSIRT) is chartered and responsible for coordinating the response and disclosure for all product vulnerabilities that are reported to RSA.

NetWitness employs a rigorous process to continually evaluate and improve our vulnerability response practices and we regularly benchmark these against the rest of the industry.
 

How to Report a Security Vulnerability

If you identify a security vulnerability in any NetWitness product, please report it immediately. Timely identification of security vulnerabilities is critical to mitigating potential risks to our customers.

NetWitness customers and partners should contact the appropriate technical support team to report security issues discovered in an NetWitness product. The Technical Support team, the appropriate product team and RSA PSIRT will work together to address the issue and provide customers with next steps.

Security researchers, industry groups, vendors, and other users that do not have access to Technical Support should send vulnerability reports to RSA PSIRT via email (sro.support@netwitness.com).

When reporting a potential vulnerability please include as much of the below information as possible to help us better understand the nature and scope of the reported issue: 

  • Product name and version that contains the vulnerability
  • Environment or system information under which the issue was reproduced (e.g. product model number, OS version etc.)
  • Type and/or class of vulnerability (XSS, buffer overflow, RCE, etc.)
  • Step-by-step instructions to reproduce the vulnerability
  • Proof-of-concept or exploit code
  • Potential impact of the vulnerability

Notes

For more information, refer to the RSA Vulnerability Response Policy page on the rsa.com website.
Was this article helpful? Yes No
0 Likes
No ratings

In this article

Version history
Last update:
‎2022-02-25 12:05 PM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.