IBM Sterling Ideas

formerly Watson Supply Chain

SI does not use the HTTP Strict Transport Security (HSTS) header.

BSA 3610-010 – Strict Transport Security not in use; the Barclays GIS team has mandated its use.

What we expect to see is the following HTTP response header on every response:

Strict-Transport-Security: max-age=31536000

This only protects returning users from a MITM attack that downgrades the traffic to HTTP (unencrypted).

  • Guest
  • May 10 2019
  • Declined
What is your industry? Banking
What is the idea priority? Urgent
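To make the "returning users only" limitation concrete, here is a small model of how a browser applies RFC 6797 HSTS, together with a header check a reviewer could run against a response. This is an added illustration for this idea, not IBM Sterling code; the host name si.example.test and the response headers in it are constructed sample data, and the includeSubDomains check goes one step beyond the bare max-age header the idea asks for.

```python
"""Minimal model of browser HSTS behaviour (RFC 6797), added as an illustration
for this idea; not IBM Sterling code.  Host names and headers are constructed."""
import time
from urllib.parse import urlsplit, urlunsplit

REQUIRED_MAX_AGE = 31536000  # one year, the value requested in the idea


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into a policy dict.

    Returns None when the value is malformed (missing, duplicated or
    non-numeric max-age); a conforming browser then applies no policy.
    """
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        if name in seen:  # RFC 6797 s6.1: a repeated directive invalidates the header
            return None
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
        # unknown directives are ignored, as the RFC requires
    if policy["max_age"] is None:
        return None
    return policy


def hsts_findings(headers):
    """Defender's check: list what is wrong with a response's HSTS header."""
    value = headers.get("Strict-Transport-Security")
    if value is None:
        return ["Strict-Transport-Security header missing"]
    policy = parse_hsts(value)
    if policy is None:
        return ["Strict-Transport-Security header malformed: %r" % value]
    findings = []
    if policy["max_age"] < REQUIRED_MAX_AGE:
        findings.append("max-age %d below %d" % (policy["max_age"], REQUIRED_MAX_AGE))
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains not set")
    return findings


class HstsCache:
    """Per-host 'known HSTS host' store, as a browser keeps it."""

    def __init__(self, now=time.time):
        self.now = now
        self.hosts = {}  # host -> policy expiry, epoch seconds

    def observe(self, url, headers):
        """Record a policy from a response; only trusted when received over HTTPS."""
        parts = urlsplit(url)
        value = headers.get("Strict-Transport-Security")
        if parts.scheme != "https" or value is None:
            return False
        policy = parse_hsts(value)
        if policy is None:
            return False
        if policy["max_age"] == 0:
            self.hosts.pop(parts.hostname, None)  # max-age=0 tells the browser to forget the host
            return True
        self.hosts[parts.hostname] = self.now() + policy["max_age"]
        return True

    def rewrite(self, url):
        """Upgrade http:// to https:// for hosts with an unexpired policy."""
        parts = urlsplit(url)
        expiry = self.hosts.get(parts.hostname)
        if parts.scheme == "http" and expiry is not None and expiry > self.now():
            return urlunsplit(("https",) + tuple(parts[1:]))
        return url


def simulate_returning_user():
    """Show why HSTS without preloading protects only returning users."""
    cache = HstsCache()
    host = "si.example.test"  # constructed host name
    sts = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
    first = cache.rewrite("http://%s/login" % host)   # first visit: nothing cached, no upgrade
    cache.observe("https://%s/login" % host, sts)      # an HTTPS response later carries the header
    second = cache.rewrite("http://%s/login" % host)  # returning user: upgraded before the request leaves
    return first, second


if __name__ == "__main__":
    print(simulate_returning_user())
```

The first visit in simulate_returning_user() goes out over plain HTTP because the cache is empty; only after the browser has seen the header on an HTTPS response does it upgrade later http:// URLs itself, which is the gap the idea describes and the reason the admin's recommendation to disable HTTP entirely closes it for first-time visitors as well.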
  • Admin
    Ryan Wood commented, 11 Mar 12:15

    Thank you for participating in the Request for Enhancement (RFE) Community. After careful consideration we have rejected this RFE.

    Turning on HSTS is a best practice, not an actual vulnerability. This request does not have a Common Vulnerability Scoring System (CVSS) score associated with it.

    Recommendation is to turn off HTTP completely within the product.

    Customer can re-enter request after 12 months to see if priorities have changed.