Skip to Content
You New Forum for security-related questions, we’re happy to comply: I am proud to announce that the Security is now open for business.

The official description is “Strategic SAP product security issues and questions in the areas of secure user access, such as Single Sign-On and Identity Management, secure collaboration, such as message security (encryption) and trust management as well as infrastructure security questions that span more than one SAP NetWeaver component, should be posted here.”.

Practically speaking, this will be a place to discuss all things security, even if they can’t be directly linked to an SAP software component. Processes around security management or IT risk management are fine as well.

We will start things by moving all (well, all we can find…) security related posts that are now buried in all the other forums into the security forum – using Craig‘s words, this is supposed to be the “one true place for security related issues”.

The SDN Security forum will be moderated by myself and two colleagues from the SAP Global Focus Group Risk Management & IT Security – Michael Altmaier and Christian Wippermann. We’ll be happy to discuss all your security questions. Questions around SAP’s new GRC Initiative are not directly in focus, but as long as there’s no separate forum for this, we’ll be happy to serve as a temporary home.

One request: please do NOT use the forum to post new security issues you may find in a SAP component. The reason for this is not that we’re trying to hide these issues, quite the contrary: we’d like to address them as fast as humanly possible, and this is why they still need to go to security@sap.com, where our dedicated security product experts will take care of them.

Let me finish this post with a quote from Confessions of a master jewel thief by Bill Mason:

“Nothing works more in a thief’s favor than people feeling secure. That’s why places that are heavily alarmed and guarded can sometimes be the easiest targets. The single most important factor in security — more than locks, alarms, sensors, or armed guards — is attitude. A building protected by nothing more than a cheap combination lock but inhabited by people who are alert and risk-aware is much safer than one with the world’s most sophisticated alarm system whose tenants assume they’re living in an impregnable fortress.”

Secure and happy posting, everyone – I’m looking forward to your discussions!

To report this post you need to login first.

3 Comments

You must be Logged on to comment or reply to a post.

  1. Fredrik Pettersson
    …for listening to us wanting to have a forum to discuss general security related quiestions.

    I will be a frequent guest in this forum, trying to answer as many questions as possible.

    My own concern is most of identity management issues. How does other manage their identities within their corporations.

    (0) 
  2. Sudhanshu Shekhar Tiwary
    I think this is going to be the most popular  FORUM on SDN…

    The most relevant question today is How to cope with different data privacy policy in different countries…

    Let us start a buzz on it and have some fruitful discussion…

    Regards
    Sudhanshu

    (0) 

Leave a Reply