To keep you informed about any suspected or confirmed security issues, SAS publishes security bulletins and SAS Notes as part of our formal Product Security Incident Response Team (PSIRT) process.
Note: Hot fixes for each product component are cumulative and might include functionality fixes in addition to security fixes.
- For a list of hot fixes that are available for your products, use the the SAS Hot Fix Analysis, Download & Deployment (SASHFADD) tool.
- See the Hot Fix FAQ for a general overview of hot fixes.
Contact the Product Security Incident Response Team
Customers who have SAS support contracts should report a suspected security issue by opening a track with SAS Technical Support. Security researchers or others who do not have a support contract can contact PSIRT directly by sending email to firstname.lastname@example.org. Information about security vulnerabilities should be encrypted by using our public Pretty Good Privacy (PGP) key.