Enea Product Security

The Enea Security Response Team (ESRT) investigates and manages security-related issues affecting Enea’s products and solutions. It also interacts with relevant security forums to detect and counteract vulnerabilities.

 

REPORT VULNERABILITIES

Customers can report issues flagged as security-related through the existing issue tracking system, so that they are seen and handled only by the ESRT. Other entitled users of Enea’s solutions/products can report vulnerabilities or ask security-related questions to the ESRT by sending an e-mail to security@enea.com. The members of the ESRT agree not to publicly disclose any details of the security issues reported by Enea customers. Additionally, OSS-Security's embargo period also applies.


 

HOW TO CONTACT ESRT SECURELY

Information regarding potential security vulnerabilities is extremely sensitive and therefore needs to be handled securely. For secure communications, please send your messages encrypted to the following address:

Sona [dot] Sarmadi [at] enea [dot] com using this PGP key.

When you contact the ESRT, please make sure that you provide your public key information so that we can communicate through secure channels.

 

Enea Linux security announcements

Subscribe to the Enea Linux security announcement mailing list to get notified when a new security patch is available in the Enea release archive.


ENEA SECURITY UPDATES AND CVE DATABASE

With decades' worth of operating systems experience, Enea has tremendous expertise in handling security risks. A strategic involvement in the OSS Security Group enables early awareness of vulnerabilities and rapid deployment of security patches.


COLLABORATIVE APPROACH TO SECURITY

Security in open source software poses a number of special challenges that closed software does not. An open and collaborative approach in software development certainly results in great quality and productivity.

However, in spite of the robustness, publicly available source code exposes risks and vulnerabilities in an unprecedented manner, making security a very delicate topic. 

THE OSS SECURITY UMBRELLA

Consequently, security vulnerabilities reported in the dictionary of Common Vulnerabilities and Exposures (CVE) are tracked and discussed openly by the OSS-Security umbrella community. Software communities as well as companies rely upon CVE and OSS-Security to share data and handle security issues.

Enea (through the ESRT) is an active member of OSS-Security; we are therefore notified quickly when a security vulnerability is detected by the community.

SECURITY INCIDENT MANAGEMENT PROCESS

As soon as a security vulnerability is detected internally or externally, or reported by an Enea customer, the ESRT runs an exclusive investigation which ultimately leads to a correction under different scenarios. Sometimes a solution is implemented in-house and contributed to the corresponding open source project; at other times it may consist of applying an already existing patch, with the consequent integration and verification. Both scenarios often involve working together with the corresponding upstream project.