Security related activities and practices used in the development of Merative™ Social Program Management

Merative™ Social Program Management is now Cúram™ by Merative™








Processes and practices to prevent, identify and address security vulnerabilities in Merative Social Program Management.





Merative has a multi-layered approach for preventing, identifying, and addressing security vulnerabilities in our product portfolio. Our ongoing internal initiative promotes consistent adoption of security practices in the development of products, with the goal of continually improving the quality and security characteristics of all Merative products. An important guide in this initiative is the IBM Redguide Security in Development: The IBM Secure Engineering Framework, which describes approaches to secure engineering practices for software products.


To address the timely resolution and notification of vulnerabilities in products after release, Merative has established the Merative Product Security Response Team (PSRT), a global team that manages the receipt, investigation, and internal coordination of product security vulnerability information related to Merative offerings. Merative PSRT is a focal point for security researchers, industry groups, government organizations, and vendors to report potential Merative product security vulnerabilities. This team will coordinate with Merative product and solutions teams to investigate and, if needed, identify the appropriate response plan. Customers of Merative offerings should continue to report all product-related issues, including potential security vulnerabilities, to Merative Technical Support. Maintaining communication between all involved parties, both internal and external, is a key component of our vulnerability response process.


Security Bulletins notify customers about vulnerabilities, identify associated fixes by affected version and identify how and where to obtain those fixes. Customers are responsible for assessing the impact of any actual or potential security vulnerability in the context of their environment.


Ongoing software patching and maintenance is an important part of any Security Management system. Merative recommends the installation of regular maintenance packages to proactively avoid problems caused by software defects already known and corrected by Merative. In addition, customers should always plan to move to the latest maintenance level at the earliest opportunity. Situations may arise where Merative will not be able to safely deliver additional fixes on an older maintenance level.


You can find a list of all Security Bulletins for Merative Social Program Management in the Merative PSRT Blog.






For the latest list of Cúram security fixes and associated security bulletins, see the Merative support site.


For more information about Merative Social Program Management security testing practices, see Merative Security and the use of Third-Party Scanning Tools.

Document Information


More support for: Merative Social Program Management

Software version: All Version(s)

Operating system(s): AIX, HP-UX, Linux, Windows, z/OS

Modified date: 4 September 2023