View - SMP/E SECINT ENHANCED HOLDDATA
search cancel

View - SMP/E SECINT ENHANCED HOLDDATA

book

Article ID: 261128

calendar_today

Updated On:

Products

View

Issue/Introduction

Our management team would like the vendor to provide the following requested service/information.

  1. SMP/E Installed  -  is the product smp/e installed?  --- Yes
  2. Enhanced Holddata  -  does the product utilize enhanced holddata?
  3. CVSS SMP/E Notifications/Updates  -  does the vendor send out smp/e CVSS notifications/alerts and updates for products when they are created, i.e. Class(SECINT);  (SYMP(B6.5,T6.2)
  4. CVSS Notifications  -  does the vendor provide comma delimited spreadsheets of listed issues with CVSS scoring
  5. CVE Public Notifications – does the vendor publish public disclosures of security and integrity vulnerabilities when they become aware

 

Environment

Release : 14.0

Resolution

The information on the customer's questions can be found at this URL:

 . MAINFRAME COMMON MAINTENANCE PROCEDURES, 
       Maintain Security and Integrity Fixes

https://techdocs.broadcom.com/us/en/ca-mainframe-software/traditional-management/mainframe-common-maintenance-procedures/1-0/maintain-your-products/apply-maintenance/maintain-security-and-integrity-fixes.html

Here are the questions:

  1. SMP/E Installed  -  is the product smp/e installed?  
  2. Enhanced Holddata  -  does the product utilize enhanced holddata?
  3. CVSS SMP/E Notifications/Updates  -  does the vendor send out smp/e CVSS notifications/alerts and updates for products when they are created, i.e. Class(SECINT);  (SYMP(B6.5,T6.2)
  4. CVSS Notifications  -  does the vendor provide comma delimited spreadsheets of listed issues with CVSS scoring
  5. CVE Public Notifications – does the vendor publish public disclosures of security and integrity vulnerabilities when they become aware

Here are the responses:

 . Assuming point 1 is "Yes":

 . . The product(s) utilize enhanced HOLDDATA. 

 . . Any PTF that resolves a security or integrity problem is flagged with a hold class of SECINT within the enhanced HOLDDATA. The Common Vulnerability Scoring System (CVSS) base and temporal scores are included with the symptom.

    The security and integrity PTFs are assigned an SMP/E SOURCEID of SECINT, which you can use on the SMP/E APPLY statement. To search security advisories, go to Mainframe Software and select Security Advisories. To receive automatic notifications when new advisories are made available, select Security Advisories under Subscription from your Broadcom Support account.

 . . To search security advisories, go to:

 . . . Mainframe Software, and select "Security Advisories"

Powered by Wolken Software