Currently Being Moderated

Acknowledgments to Security Researchers

The SAP Product Security Response Team thanks all researchers and security IT professionals that help with discovering and solving security vulnerabilities. Their findings continuously help SAP maintain the security and safety of its customers' and partners' SAP systems.

 

Our acknowledgements page lists those professionals we have worked with successfully in the past. We thank all security researchers for their excellent work and hope to continue the beneficial relationship between security professionals and SAP.

 

Security researchers who have helped SAP to improve the security and integrity of our customers' IT systems by respecting our disclosure guidelines this month are:


September 2014

ERPSecurity,Joris van de Vis, SAP Security Note 2030775

ERPSecurity,Joris van de Vis, SAP Security Note 2043506

ERPSecurity,Joris van de Vis, SAP Security Note1908631

ESNC, Ertunga Arsal, SAP Security Note 2015232

ESNC, Ertunga Arsal, SAP Security Note 1971397

Onapsis, Juan Pablo Perez Etchegoyen, Will Vandevanter, SAP Security Note 2039905

Onapsis, Pablo Muller, SAP Security Note 1979454

Sense of Security, Fatih Ozavci, SAP Security Note 2042074

Sense of Security, Fatih Ozavci, SAP Security Note 2039924

Sense of Security, Fatih Ozavci, SAP Security Note 2036547

 

Each Patch Day (second Tuesday of a month) the involved external researchers are listed with company name, link to their home page, and name of the person. Details about finding are not included. The order of the list is alphabetical according to company name.

For previous months' acknowledgments, visit the acknowledgments archive page.

 

To view the security notes released this Patch Day, visit the Support Portal.

 

SAP encourages the responsible disclosure of security vulnerabilities and therefore requests the researchers to follow the following general guidelines:

 

  1. If you have detected a vulnerability in one of our software products – either in the latest or in a former product version –you shall inform us about the issue and follow the guidelines and processes in accordance with our Portal page “Report a Security Vulnerability to SAP”.
  2. Give SAP sufficient time to develop suitable fixes.
  3. Do not publicize vulnerabilities until SAP customers have had enough time to deploy fixes.
  4. As a rule of thumb, we suggest respecting an implementation time of three months. We ask all security researchers to not disseminate any kind of information or tools that would help to exploit the vulnerability during that time.
  5. Provide us all of your external disclosures beforehand, such as advisories or presentations with SAP product security content for a review.

 

We honestly appreciate your work and certainly want to show this appreciation through credits on a public Web site. Nevertheless, SAP reserves the right to change or delete credits at any time.

 

For further information, read the Disclosure Guidelines for SAP Security Advisories.

Delete Document

Are you sure you want to delete this document?