|
|
Response and Procedures
The explosive expansion of the Internet and the global ubiquity of computing focuses attention on the increasingly important need for computer security. SGI® participates in various security coalitions and follows standard operating procedures to ensure timely and orderly service for our customers.
If you would like more information about security issues, contact your SGI Support/Service provider. Send security reports to the SGI security alert team: security-alert@sgi.com. We monitor these messages during normal USA business days and hours (PST).
A support contract is not required to submit a security report. You will receive an automated confirmation of message receipt but no further contact unless more information is required. All issues reported are investigated and if necessary, patches will be generated and an advisory will be released. For the protection of all our customers, SGI does not disclose, discuss or confirm vulnerabilities until a full investigation has occurred and any necessary patch(es) are available.
SGI makes every reasonable effort to acknowledge publicly reported
security issues within 24 USA business hours. At the time of the
acknowledgment, we will provide any available information that may limit customer
exposure. When SGI has completed its investigation, an
SGI Security Advisory will be released with pertinent information
including any necessary Security Group Associations and Coordination
SGI embraces productive mutual cooperation with all parties
regarding security issues. SGI is a member of the FIRST
organization, a coalition of government and private groups
who exchange information, cooperate and coordinate response
activities that address computer security issues. SGI also
cooperates with the CERT Coordination Center and other
world wide security groups.
If it is necessary to inform the SGI customer community about a security issue, we will release an SGI Security Advisory. This information is provided freely to all interested parties and may be redistributed provided: it is not altered in any way, SGI is appropriately credited, and the document retains and includes its valid PGP signature. SGI Security Advisories are released to the public via the FIRST teams distribution network, Usenet security oriented newsgroups, and the SGI customer mailing list service, wiretap. SGI releases two types of security documents: SGI Acknowledgment Security Advisories, and SGI Security Advisories.
We release Acknowledgment
Security Advisories when SGI is currently investigating a
publicly known security issue. When an investigation of a
security issue is completed, SGI will release a full SGI
Security Advisory, which will contain all necessary
information including any necessary patch(es).
We archive SGI security advisories. They're available via anonymous FTP and on the Advisories page.
SGI welcomes productive mutual cooperation with parties reporting
security issues. If a party is reporting a previously unreported and/or
unknown security issue, SGI will provide attribution to the reporting
party in any released SGI Security Advisory, provided the information
does not become publicly known prior to the release of the advisory.
SGI will generate a security patch when it is necessary to correct software for a security issue. SGI makes
every reasonable effort to provide security patches as quickly as possible for all supported SGI platforms.
Security patches are freely available
to any interested party via anonymous
FTP at patches.sgi.com. We also maintain and archive patches on this site.
SGI maintains an anonymous FTP site where all files accessible via the
web may be retrieved by ftp. The site may be reached by directing your browser to ftp://patches.sgi.com/.
Disclosure, Advanced Notice, Newsgroup Policy
Mailing List Service via E-mail
SGI provides a free security mailing list service called wiretap.
Subscribers receive all SGI security advisories when
they are released.
| ||
