Hardening Site Security – Stay ahead of the attackers
It's become an almost unnervingly common occurrence to hear about data breaches and other security issues in the news. It's important to stay up to date with security fixes as they're released to avoid issues that have a known and published remediation.
WebSphere Commerce follows the standard IBM PSIRT (Product Security Incident Response Team) Security Vulnerability Management process to handle vulnerabilities as they are reported. What this boils down to is that when a vulnerability is discovered, the WebSphere Commerce Security team will follow industry-standard best practices and publicly disclose the vulnerability by assigning it a CVE (Common Vulnerabilities and Exposures) identifier and publishing a Security Bulletin.
As such, it's recommended to stay on top of these bulletins for the products you use. Here's a quick rundown on how you can get emailed automatically when a new bulletin is published.
Sign up for notifications
While I've mentioned WebSphere Commerce and WebSphere Application Server above, it's important to point out that there's likely more to your environment than just those two products. For example – DB2 and IHS (IBM HTTP Server) may also be of interest to you. Consider other integrations as well – such as with Sterling products. Signing up for notifications for your entire IBM software stack will help you stay ahead of the game.
While these steps will keep you current on future Security Bulletins, it's also worth looking into the bulletins that have already been published. The following Technote search will also return all of the Security Bulletins that have been published for WebSphere Commerce.
Finally, Security Bulletins are only a reactive measure for site security: they help resolve new issues as they come up. As always, it's best to be proactive with your security, and this is best handled by making sure you are using the full wealth of security features that WebSphere Commerce provides – such as cross-site scripting protection, whitelist filtering, and more. Read up on the security features in the Enhancing site security page of the Infocenter.