Alcatel-Lucent Security Vulnerability Handling Policy

 
Alcatel-Lucent wants to find a balance between the interests of customers, vulnerability reporters and itself. To achieve this, we want to develop and deploy remedies that mitigate reported vulnerabilities as fast as possible. Communication with all involved parties is a key activity in our vulnerability solution process.

Communication during investigations
  • Alcatel-Lucent will acknowledge to the reporter the receipt of a Vulnerability Summary Report.
  • Alcatel-Lucent will inform the reporter about the relevancy of the reported vulnerability.
  • Reporters of a security vulnerability will receive on a regular basis status information related to ongoing investigation of the vulnerability.
  • Alcatel-Lucent will contact the reporter in case more information is required regarding the vulnerability.
  • Once investigations have been done, Alcatel-Lucent informs the Reporter of its conclusions.

In cases where Alcatel-Lucent does not agree with the reported vulnerability, Alcatel-Lucent shall give a detailed explanation of its decision.

If the vulnerability impacts one or more products, Alcatel-Lucent shall inform the Reporter as to when a remedy (which can be a short-term countermeasure and/or a longer-term product correction) will be made available.

Providing Remedies

When the vulnerability is relevant to Alcatel-Lucent's products, Alcatel-Lucent will look for a solution to counter the vulnerability. This will result in a Security Advisory that describes the vulnerability, its impact and the steps that can be taken to defend affected systems and networks. This can be a configuration change, a patch, a maintenance update or a new version of the affected software.
Customers will receive configuration guidelines, software updates, fixes and new versions as regulated by contractual agreements. These can be obtained through the usual channels. Contact your support organisations for these matters.

Public disclosures

When there is a need for public announcements, Alcatel-Lucent will, in collaboration with a coordinator (CERT/CC, CERT/IST), agree on a date to publicly release the Security Advisory. In order for customers to apply the remedy, Alcatel-Lucent may ask the reporter for a grace period before disclosing the Security Advisory to the public.

When appropriate, Alcatel-Lucent submits the Security Advisory to security-related public mailing lists (e.g. the Bugtraq mailing list) and publishes it on its public website. Alcatel-Lucent may decide to omit details in the Security Advisory and reserve those for direct support to Customers. In such a case, the Security Advisory refers Customers to their usual support channels for further details on impact and remedies. Where not all information is provided in the Security Advisory, more detailed information can be made available to Customers via specific Extranets used by Customers. Those Extranets are under the responsibility of Alcatel-Lucent business groups and/or divisions and may require authentication.

Even when Alcatel-Lucent has not yet found a solution, it can issue Security Notices to respond to information that has been made public without its awareness.

For more information:


Contact us at psirt.security@alcatel-lucent.com