Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process

0

0

Article ID: KB16613 KB Last Updated: 28 Dec 2015Version: 8.0
Summary:

What is the process and schedule used by the Juniper Networks SIRT for disclosing information to customers regarding vulnerability-related issues?

Symptoms:

Improve support by publishing Juniper Security Advisories and Security Notices to customers on a deterministic, periodic basis.

Solution:

The Juniper Networks Security Incident Response Team (Juniper SIRT) constrains the publication of Juniper Security Advisories and Security Notices for non-urgent issues to a predefined quarterly schedule of the second Wednesday of January, April, July, and October, covering all Juniper products.

In exceptional circumstances, the Juniper SIRT may publish an out-of-cycle Security Advisory or Security Notice, but that is intended to be a rare event. Examples include, but are not limited to, active malicious exploitation of a zero-day Juniper vulnerability, or perhaps a multi-vendor issue in which all participating parties must publish simultaneously on a schedule negotiated by an external coordinating agency.

The Juniper SIRT considers numerous criteria for determining if an issue warrants SIRT attention and, if so, how and to what range of products and software releases a fix will be applied, and also how and when the issue will be published. The Juniper SIRT uses the Common Vulnerability Scoring System (CVSS) to rank an issue as one factor in its evaluation. Information for how Juniper Networks uses CVSS can be found in KB16446 in the Related Links section below.

More information regarding the Juniper SIRT, including methods by which to report a product security vulnerability, is also available in the Related Links section below.

Related Links

Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search