Hello Folks,
I have a suggestion for creating a vulnerability dashboard in devCentral
It will be good, in Devcentral we can find latest CVE IDs that affecting F5 and suggested fixes . As of now, attacks are very high and if we are able to check latest vulnerabilities and F5 suggestion in this community, it will be very much helpfull. As of now i have to wait for my scanning devices reports to check CVEs in F5 KBs. If there is a path in devCentral for the same, it will be very helpfull. Also we are seeing so many vulnerability related queries in technical forum, for them aswell it will helpful
Br
Aswin
- MegaZone
SIRT
What exactly are you looking for?
You can always find the latest Security Advisories on MyF5 - either on the web or via RSS.Alternatively, you can upload qkviews of your systems to iHealth and look at the security heuristic results for something more personalized.
- Aswin_mk
Cumulonimbus
Hello,
I looked in the feature adding this community. I know ihealth and its feature. It will be more helpful if new CVE listed in this community by F5. That only i suggetsed.
- LiefZimmerman
Admin
Status changed:NewtoNeeds InfoAswin_mk thank you for posting the suggestion.
Do you think, having a "landing page" that helps describe the ways to locate the information that MegaZone is referring to satisfies your request?Or are you thinking that having ^that same^ CVE information re-stated into DevCentral?
or, perhaps something else?
What were you doing, or hoping to find on DevCentral, when this idea came to you?Some Background thoughts
DevCentral (the community) aims to be a good place to help, pretty much anyone, learn the "How To's" of F5 products in the context of individual environments. There is a lot of user generated content, and we tend to publish opinions and ideas relatively quickly - trying to keep pace with the industry conversation flows. That information is often helpful but it also comes with a "use-at-your-own-risk" caveat. When something becomes crucial or settled guidance - it tends to move toI give that background because CVEs and the response that F5 staff provides related to vulnerabilities (like folks on our SIRT team) is measured, exacting, and often critically important to the people relying on our products. ANd then that leads me to a worry. I worry that however hard I try we (the community platform) might end up sharing incomplete or out of date information or perpetuating a vector for mis-information - especially so if we try somehow to re-state existing information.
Given that background - I'm hesitant but still interested in your idea.
- Aswin_mk
Hi,
Thanks for looking into this. I only suggested a landing page in devcentral with below security advisory page. Its already in F5 but if its community with a CVE searching filter will help in some way. If new vulnerabilities and solution will be there it will be helpful for users who come to devcentral with queries. (I only suggested this because, i saw 2 vulnerability related questions in technical forum)
- Aswin_mk
Hi LiefZimmerman I hope you are already see my comment.
- LiefZimmermanStatus changed:Needs InfotoInvestigating
Thanks Aswin_mk - I'll review and get back to this later this month.
- Aswin_mk
Thank you 😊
- LiefZimmerman
A slight change on this front Aswin_mk - I won't say we'll have a full advisory panel in DevCentral but we do have a Security Insights article node now that may be a natural landing place to feature CVE related discussions AND I expect we'll be able to help anyone landing there with guidance to the proper CVE-related information during an event.
Security Advisory as a filter in search may also be a possibility in the near future - still not 100% but I will keep it in mind as we tweak our search experiences.
- Aswin_mk
Its make sense LiefZimmerman :). Thank you for going through it an updating me
