...
- Vulnerability reports reach SOS in one of the following ways:
  - automatic detection by SOS monitoring tools based on a Software Bill of Materials (SBOM),
  - automated vulnerability detection provided by the GitHub source code repositories,
  - reports forwarded to SOS by users via private e-mail,
  - reports forwarded to SOS by customers via the SOS Ticket System.
- Detection of vulnerabilities covers both the SOS software product itself and any third-party components shipped with the software product.
- Sources of vulnerability detection in the source code of SOS software products include
  - automated scans performed by the source code repositories,
  - security audits performed by users and customers, for example penetration tests,
  - security breaches reported by users and customers.
- SOS tracks vulnerabilities in third-party open source libraries by means of the automated scans provided by the source code repositories.
- Users are advised to report vulnerabilities by private e-mail to support@sos-berlin.com rather than through public channels.
...
- Fixes are implemented within the scope of the Release Policy - Change Management.
- Fixes are provided for all branches of the software product that are under maintenance. See the list of Vulnerability Remediation Releases.
- Each fix includes a verification step confirming that the vulnerability can no longer be exploited.
- For high-risk and medium-risk vulnerabilities this step is typically completed within five business days.
...