Thursday, February 1, 2024

Reader Comment – Rockwell Advisories

Early this morning an anonymous reader left a comment on my blog post about Tuesday’s CISA advisories. The commentor noted that:

“Strange that Rockwell reports vulnerabilities to CISA, but doesn't publish them on their own website. They recently made a new website for security advisories, for which a login is no longer needed, but the new website is not as actively maintained as the old website, so you'd better use the old one to keep current. CISA refers to Rockwell's new website.”

Readers of my Chemical Facility Security News newsletter (subscription required) know that I briefly discussed the new Rockwell advisory site in my Tuesday post. I reported:

“Rockwell has for many years kept the advisories behind a registration page. It was not limited to registered owners, but it did require a password to access. This was minimally intrusive. They recently moved their advisories to a fully public website. They still do not provide publication dates on that page, so it may be difficult to tell when advisories are updated. They do provide the capability to sort by date of issue (update?), I will have to wait and see how it works out.”

I am not sure that I understand what the commentor is complaining about. Here is a screenshot taken today from the new site and it is identical to what I saw on Tuesday.

It shows the four latest advisories, including all three from Tuesday.

The snip from the old website (still up behind the log in restriction) shows the latest four advisories, which only includes one of the three posted Tuesday.

So, again, it looks like the new Rockwell page is what they are going to be maintaining. I still have questions about how they will handle/publish updates, but that will have to wait to a future release.

1 comment:

Anonymous said...

You are right, the new Rockwell vulnerabilities are on the new website now, but they were not there yesterday. Well, actually... they were not on the landing page, but if you edited the URL to match the SDnnnn number, they showed. So it was just an administrative delay somewhere.

If I were the maintainer of this website, I'd update the 'new' website first and then the 'old' one, and not the other way around, otherwise people do not migrate.

/* Use this with templates/template-twocol.html */