Patch Day Tuesday
In the field of security response, the second Tuesday of every month is usually when software vendors (Microsoft, Apple, Adobe, Google, and including SAP) announce security patches to our customers. This is a common practice in our industry to make scheduled security announcements. The idea behind is to allow our customers and system administrator to plan ahead in order to apply security patches as soon as they become available.
More than one way to get notified
Our official blog is the best way to find out what patches are included on a patch day. Blog posts are organized by months and are updated on the second Tuesday of every month.
Each blog post includes critical patch details such as SAP security note number, brief vulnerability description, and products affected. The announcement is sorted by CVSS rating which corresponds to the priority and severity of a vulnerability. Alongside with each vulnerability, we collaborate with MITRE as a CVE numbering authority for SAP issues. Sometimes, a security issue discovered could be rather severe. We may issue security spotlight news to alert our customers in extraordinary cases.
Introducing collaboration with US-CERT
Beginning this month, we are sharing our patch day announcements with US-CERT. Our goal is to provide an additional venue for our customers to know of security patches available to them. Customers and interested parties can subscribe to US-CERT current activities RSS feed to receive latest patch information from SAP and other software vendors.