topic SAP Security Notes - application cadence? in Application Development and Automation Discussions https://community.sap.com/t5/application-development-and-automation-discussions/sap-security-notes-application-cadence/m-p/12148645#M1976796 <P>Our auditors have suggested that we need to increase the frequency of which SAP security notes are applied to our systems, i.e. Hot News/Severity 1 within 30 days, Highs/Severity 2 within 60 days, etc.</P> <P>I can understand the desire/need but feel that might not be the right balance between keeping the systems secure and meeting the needs of the business through enhancements much more "tangible" to them, especially given tight IT resources.</P> <P>Best practice aside, I'm interested in knowing more about what others are actually doing in this regard. How often are others applying security notes depending on their severity? </P> Mon, 27 Apr 2020 19:30:09 GMT Former Member 2020-04-27T19:30:09Z SAP Security Notes - application cadence? https://community.sap.com/t5/application-development-and-automation-discussions/sap-security-notes-application-cadence/m-p/12148645#M1976796 <P>Our auditors have suggested that we need to increase the frequency of which SAP security notes are applied to our systems, i.e. Hot News/Severity 1 within 30 days, Highs/Severity 2 within 60 days, etc.</P> <P>I can understand the desire/need but feel that might not be the right balance between keeping the systems secure and meeting the needs of the business through enhancements much more "tangible" to them, especially given tight IT resources.</P> <P>Best practice aside, I'm interested in knowing more about what others are actually doing in this regard. How often are others applying security notes depending on their severity? </P> Mon, 27 Apr 2020 19:30:09 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sap-security-notes-application-cadence/m-p/12148645#M1976796 Former Member 2020-04-27T19:30:09Z Re: SAP Security Notes - application cadence? https://community.sap.com/t5/application-development-and-automation-discussions/sap-security-notes-application-cadence/m-p/12148646#M1976797 <P>CVSS score is a good place to start. Anything from 6.9 or higher I would implement immediately. All others could be fitted around the usual patching. </P> Mon, 27 Apr 2020 21:33:46 GMT https://community.sap.com/t5/application-development-and-automation-discussions/sap-security-notes-application-cadence/m-p/12148646#M1976797 former_member612251 2020-04-27T21:33:46Z