If you believe you have found a security vulnerability, we encourage you to report it responsibly.
Use GitHub’s private security advisory workflow: https://github.com/IBM-Cloud/ibm-sap-hana-backint-cos/security/advisories/new
If you cannot use GitHub’s private reporting feature, you may report the vulnerability through IBM’s Product Security Incident Response Team (PSIRT):
-
IBM Security Vulnerability Management (PSIRT): https://www.ibm.com/trust/security-vulnerability-management
-
Anonymous reporting form: https://www.ibm.com/support/pages/feedback/security-psirt
-
Report via email (PGP encryption optional): Refer to instructions on the PSIRT page above.
Please do not open public GitHub issues for security vulnerabilities.
IBM aims to acknowledge vulnerability reports within standard PSIRT timelines.