• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

WatchGuard Launches PSIRT Page

May 26, 2022 By Marc Laliberte

WatchGuard’s Product Security Incident Response Team (PSIRT) has launched our public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact our products or services.

Our PSIRT page also provides information for security researchers who want to responsibly report vulnerabilities they’ve discovered. It will outline policies around reporting, including a “Safe Harbor” clause that protects users from potential legal action stemming from the report and/or research into the vulnerability, and how to report a vulnerability.

Our goal is to help administrators identify important security issues that may impact their WatchGuard products and provide guidance on mitigation strategies and potential workarounds. We will publish advisories for issues that fall into three main categories:

  • The first is flaws that we find in the Firebox and other WatchGuard products that warrant immediate action. We will share details about the vulnerability (without providing information that might be useful to attackers), including its severity and mitigating factors to help administrators quickly understand their potential impact. These advisories will include specific steps, either through software upgrades or configuration changes that administrators can take to mitigate the vulnerability.
  • Secondly, we list out major, industry-wide vulnerabilities (for example, Log4Shell) whose effects on our products may be in question by customers or partners. This category of advisory provides MSPs and customers with that information without needing to request information.
  • Lastly, the page will include advisories for most WatchGuard product vulnerabilities found by outside researchers. We appreciate the hard work of external researchers that work with us through the responsible disclosure process. We strive to give credit wherever possible while guiding customers with the most complete picture possible of the vulnerability and its impact.

The page is also designed to simplify compliance. When administrators conduct audits or vulnerability scans, they will be alerted to relevant CVEs and associated upgrades or fixes they should implement. Additionally, the page provides CVSS scores that detail the severity of vulnerabilities, which can help teams with prioritization in a sea of alerts.

This new page reflects our commitment to enabling our MSPs, partners and customers to stay one step ahead of threat actors in an increasingly complex cybersecurity environment. Over time, WatchGuard will add new information and capabilities to our PSIRT page to keep current with industry best practices and to further streamline the tracking and reporting of vulnerabilities. As always, customers and partners can mitigate risk by ensuring that they upgrade to the latest firmware and apply patches as they become available.

Share This:

Related

Filed Under: Featured, WatchGuard Articles

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • What to Expect from NIS2
  • Our 2024 Security Predictions

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Our 2024 Security Predictions
  • Grading our 2023 Security Predictions
  • What to Expect from NIS2
  • Combined Cyber and Kinetic Warfare
  • The White House Tackles AI
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use