release-notes-link #944

Open
wants to merge 4 commits into
base: main
Expand Up @@ -2,7 +2,7 @@

Prisma Cloud adheres to the guidelines outlined in the https://www.paloaltonetworks.com/product-security-assurance[Palo Alto Networks Product Security Assurance Policy].

In accordance with this policy, Prisma Cloud Compute may have security releases outside of the regular release schedule.
Per this policy, Prisma Cloud Compute may have security releases outside of the regular release schedule.

Security releases are used for the sole purpose of remediating vulnerabilities that affect Prisma Cloud Compute, whether in its codebase or its dependencies.

Expand All @@ -25,33 +25,34 @@ New releases of Prisma Cloud Compute are signed off with up-to-date dependencies
* Any vulnerability with moderate severity when a fix is available.

==== Vulnerabilities Not Analyzed
* Any vulnerability with severity lower than high that does not have an existing fix.
* Any vulnerability with severity low; this includes vulnerabilties that the vendor will not fix as they are considered as having negligible impact.
* Any vulnerability with a severity lower than high that does not have an existing fix.
* Any vulnerability with severity low; this includes vulnerabilities that the vendor will not fix as they are considered as having negligible impact.

==== Exceptions
We also review vulnerabilities of any other severity when there is a known exploit or proof-of-concept that is affects Prisma Cloud Compute.
Including product vulnerabilities identified during development, reported by customers or third-party researchers.
We also review vulnerabilities of any other severity when there is a known exploit or proof-of-concept that affects Prisma Cloud Compute.
Including product vulnerabilities identified during development, and reported by customers or third-party researchers.
To report a vulnerability in Prisma Cloud Compute, submit the vulnerability details to our https://www.paloaltonetworks.com/product-security-assurance[PSIRT] team.

==== Frequently Asked Questions

* Which Prisma Cloud Compute releases receive security updates?

Prisma Cloud has an 'n-2' support policy that means the current release ('n') and the previous two releases ('n-1' and 'n-2') receive support. Security fixes will be backported only for supported releases. End of Life (EOL) releases will not receive security fixes.
Prisma Cloud has an 'n-2' support policy which means the current release ('n') and the previous two releases ('n-1' and 'n-2') receive support. Security fixes will be backported only for supported releases. End of Life (EOL) releases will not receive security fixes.
For more information, see xref:../welcome/support-lifecycle.adoc[support lifecycle].

*Are security fixes provided for both Prisma Cloud Enterprise and Compute editions?*

Yes, security vulnerabilities are addressed in both the editions.
Yes, security vulnerabilities are addressed in both editions.

*Do I have to upgrade my console/defender to get security updates?*

If security fixes are released, you may be required to upgrade either or both the Console and Defender. We recommend that all security releases are adopted immediately.
For the full details of which vulnerabilities were fixed in a release, refer to the xref:../../rn/release-information/release-notes-33-01.adoc[release notes].

For the full details of which vulnerabilities were fixed in a release, refer to the xref:../../rn/release-information/release-information.adoc[release notes].

*What is the minimum severity for vulnerabilities to warrant a security release?*

See triage criteria above.
See the triage criteria above.

*What is the frequency of security releases for Prisma Cloud Compute?*
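
Review bot: The rewritten Exceptions sentence "Including product vulnerabilities identified during development, and reported by customers or third-party researchers." is still a sentence fragment, and the added ", and" makes it read as if a vulnerability has to be both found during development and reported externally. Suggest "This includes product vulnerabilities identified during development or reported by customers or third-party researchers." In the same hunk, the release-notes xref now targets release-information.adoc instead of release-notes-33-01.adoc; please confirm that file exists under ../../rn/release-information/ so the link resolves. The first FAQ question is also still written as a "* " list item while the other questions use *bold*, which would be worth aligning while this block is being edited.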

Expand All @@ -65,4 +66,4 @@ For known vulnerabilities that are assigned a https://www.cve.org/About/Overview
For zero-days or undocumented vulnerabilities (such as PRISMA-IDs), we rely on severity determined by our researchers.

*A new vulnerability is affecting Prisma Cloud Compute, but a security release was not issued.*
If the vulnerability affects the latest release, meets the criteria for a security release outlined above, but it has not yet been addressed: please report it through to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNSCA0[Palo Alto Networks Support] or to https://www.paloaltonetworks.com/product-security-assurance[PSIRT].
If the vulnerability affects the latest release, meets the criteria for a security release outlined above, but has not yet been addressed, report it to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNSCA0[Palo Alto Networks Support] or to https://www.paloaltonetworks.com/product-security-assurance[PSIRT].
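
Review bot: In the last FAQ entry the answer still starts on the line directly under the bold question "*A new vulnerability is affecting Prisma Cloud Compute, but a security release was not issued.*", with no empty line between them as the other entries have, so AsciiDoc will render the question and the answer as one paragraph; add a blank line after the question. The condition "affects the latest release" also reads narrower than the n-2 support policy stated earlier in the file, so consider "a supported release" if that is the intent.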