Aswin_mk's avatar
Aswin_mk
Icon for Cirrocumulus rankCirrocumulus
Jul 25, 2024
Status:
Investigating

Vulnerability dashboard

 

Hello Folks,

I have a suggestion for creating a vulnerability dashboard in devCentral 

It will be good, in Devcentral we can find latest CVE IDs that affecting F5 and suggested fixes . As of now, attacks are very high and if we are able to check latest vulnerabilities and F5 suggestion in this community, it will be very much helpfull. As of now i have to wait for my scanning devices reports to check CVEs in F5 KBs. If there is a path in devCentral for the same, it will be very helpfull. Also we are seeing so many vulnerability related queries in technical forum, for them aswell it will helpful 

Br

Aswin 

cve
security

7 Comments

Sort By
  • Aswin_mk's avatar
    Aswin_mk
    Icon for Cirrocumulus rankCirrocumulus
    Jul 30, 2024

    Hi,

    Thanks for looking into this. I only suggested a landing page in devcentral with below security advisory page. Its already in F5 but if its community with a CVE searching filter will help in some way. If new vulnerabilities and solution will be there it will be helpful for users who come to devcentral with queries. (I only suggested this because, i saw 2 vulnerability related questions in technical forum)

     

  • LiefZimmerman's avatar
    LiefZimmerman
    Icon for Admin rankAdmin
    Jul 26, 2024
    Status changed:
    New
    to
    Needs Info

    Aswin_mk thank you for posting the suggestion.
    Do you think, having a "landing page" that helps describe the ways to locate the information that MegaZone is referring to satisfies your request?

    Or are you thinking that having ^that same^ CVE information re-stated into DevCentral?

    or, perhaps something else?
    What were you doing, or hoping to find on DevCentral, when this idea came to you?

    Some Background thoughts
    DevCentral (the community) aims to be a good place to help, pretty much anyone, learn the "How To's" of F5 products in the context of individual environments. There is a lot of user generated content, and we tend to publish opinions and ideas relatively quickly - trying to keep pace with the industry conversation flows. That information is often helpful but it also comes with a "use-at-your-own-risk" caveat. When something becomes crucial or settled guidance - it tends to move to 

    I give that background because CVEs and the response that F5 staff provides related to vulnerabilities (like folks on our SIRT team) is measured, exacting, and often critically important to the people relying on our products. ANd then that leads me to a worry. I worry that however hard I try we (the community platform) might end up sharing incomplete or out of date information or perpetuating a vector for mis-information - especially so if we try somehow to re-state existing information.

    Given that background - I'm hesitant but still interested in your idea.

  • Aswin_mk's avatar
    Aswin_mk
    Icon for Cirrocumulus rankCirrocumulus
    Jul 26, 2024

    Hello,

    I looked in the feature adding this community. I know ihealth and its feature. It will be more helpful if new CVE listed in this community by F5. That only i suggetsed. 

  • MegaZone's avatar
    MegaZone
    Icon for SIRT rankSIRT
    Jul 25, 2024

    What exactly are you looking for?

    You can always find the latest Security Advisories on MyF5 - either on the web or via RSS.

    Alternatively, you can upload qkviews of your systems to iHealth and look at the security heuristic results for something more personalized.