PSIRT Note: Fortinet PSIRT and Monthly PSIRT Advisories

Description

This article describes how the Fortinet PSIRT team has implemented significant changes to the PSIRT process in recent months, and this document outlines those changes and how customers can receive updates on product vulnerabilities.

Scope

FortiGuard.

FortiGuard Website.

All Vulnerabilities are posted on the FortiGuard Web site according to the Fortinet PSIRT Policy.

Solution

Monthly Advisory Process.

In line with the Fortinet PSIRT Policy (https://www.fortiguard.com/psirt_policy), all vulnerabilities up to and including high severity are posted on the second Tuesday of the month during Pacific Time business hours, allowing for a consistent cadence when it comes to addressing issues.  All Critical Severity issues will be addressed via an out of cycle advisory as required.

How to get notified of vulnerabilities:
There are multiple methods for being proactively notified of vulnerabilities.

RSS Feed (https://www.fortiguard.com/rss/ir.xml) – Real time feed with links to all the vulnerabilities for notification in the chosen RSS Reader.

• Log into the support account and select the account name at the top right of the support portal and select My Account 

• Select -> My Account -> My Account (IAM version) -> Account Preferences -> Edit.
• In the PSIRT Contact field and enter the required PSIRT contacts separated by a comma, semicolon or whitespace and select update at the top right of the Forticloud portal.

 

Note that mail will be received from the following address:
From: Fortinet <noreply@fortinetpm.com>.

 

Example Monthly PSIRT Advisory.

 

 

Related articles:

Technical Tip: CVE lookup and other important features in FortiGuard Labs