Welcome to the central page for SAP Security Response!
SAP caters to a wide portfolio of customers, a majority of whom are Fortune 500 companies, along with small and medium sized businesses as well as individual users. SAP takes the security of its vast product portfolio very seriously, as evident from our sterling reputation in the domain of business and enterprise software. Working towards that end is SAP's central Security Response Team, that collaborates closely with their Customers, external researchers and hackers, and coordinates with SAP development teams to ensure a high level of security in its products. The team also manages SAP's Security Patch Day.
On the second Tuesday of every month SAP releases security fixes for vulnerabilities reported by External Researchers and by our Customers. This well-defined day, i.e. the SAP Security Patch Day ensures that the development teams, security experts and PSRT plan quality measures for security fixes that are scheduled for release.
SAP submits CVE's to the MITRE organization for publication on its Security Patch Day. NIST also does a subsequent NVD entry for each CVE. Please expect some delays as we do not control their publication process.