Security in today’s
interconnected digital world is very important. There are many hacks, threats, attacks,
viruses
reported on daily basis. Every year hackers are using more sophisticated methods.
As many other software vendors SAP is very much into the security aspects within
its software. Basis team of every customer running SAP should regularly monitor
security SAP Notes (see service.sap.com/securitynotes).
SAP have patch day - Tuesday. It is every second Tuesday of month (so called SAP
Security Patch Day).
But purpose of this blog
post is intended to provide basic guideline to someone who may find security
issue within SAP software and wants to report it to SAP.
So how to report a
Security Issue to SAP? Basic advice is provided by SAP at following page:
Basically there are two options depending who you are:
1 SAP
Customer: In case you find
out possible security issue report it to SAP via SMP as customer message at service.sap.com/message
2 Independed: If realize possible security issue, please report
it to SAP Product Security Response Team via email mailto:secure@sap.com using PGP for e-mail encryption.
If you are curious how
many issues were discovered by independed researchers and who are those people
look at following page: http://scn.sap.com/docs/DOC-8218
Page provides that statistics – a kind of hall of fame or acknowledgments to security
researchers.