Hello World

By dscholl posted 07-22-2015 09:04






Hello World


We are the Juniper Networks Security Incident Response Team (SIRT) and we handle all aspects of possible security issues with Juniper products. Our team looks for them, accepts information about them, works to get bugs fixed, and publishes Juniper Security Advisories. We also participate in numerous security organizations like FIRST and ICASI.


From time to time, particularly with the current proliferation of “branded” vulnerabilities like Heartbleed, Shellshock, Ghost, and Logjam getting significant attention, it will be useful for SIRT to be able to quickly announce that we’re investigating or perhaps even that a popular issue doesn’t affect any of our products. This blog gives us the opportunity to put out statements from Juniper SIRT in real time.


SIRT also plans to use this blog to discuss the way we do certain things, or perhaps to discuss trends or standards in incident response. For example, in the near future we’ll be transitioning from using version 2 of the Common Vulnerability Scoring System (CVSS) to the newly released version 3. Look for a future blog post to discuss the differences and how they will impact our JSAs.


We are easy to reach. If you have any questions or concerns about possible security issues with a Juniper product, visit the Report a Vulnerability page on our website for directions on how to contact us. You can also subscribe to our Juniper Security Advisories and follow @JuniperSIRT on Twitter.


Derrick Scholl

Director - Juniper SIRT



1 view



12-18-2015 01:32

Hi, question from customer regarding JSA10713:


If access to the ScreenOS devices is protected by access lists and firewall filters and all hosts that can gain access are trusted (internal management network) is this a valid workaround. Why was this stamenet not made under the workaround section of JSA10713?

12-18-2015 01:27

Hi, my customer would like to know if for JSA10713  itn a large scale hub and spoke VPN scenario it would be sufficient to only upgrade software on the central site or do both endpoints of the VPN needs to be upgraded? Obviously only doing it on the central site would reduce the operational efforts.

Georg Dohmen