Several of our customers recently had security audits. During these, the auditors noticed that some security features are not implemented for MidTier, SmartIT/MyIT and RSSO, and that implementing them would increase security.
We asked BMC about their plans to implement these features, and they recommended creating an idea so that this subject gets more attention.
So the idea is to implement the following features in the RSSO/MidTier/SmartIT/Digital Workplace applications:
1) HttpOnly security flag on cookies; currently only the JSESSION cookie in MidTier has this flag
2) SameSite Flag (cookie attribute)
3) Referrer-Policy Header
4) Content Security Policy (CSP) headers
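As an added example (not part of the original idea and not BMC code), here is a small Python check of the kind such an audit runs: it parses a raw HTTP response and reports cookies that lack HttpOnly or SameSite, and a missing Referrer-Policy or Content-Security-Policy header. The two responses are constructed for illustration; JSESSIONID is Tomcat's default session-cookie name, while the second cookie name (mt_user_pref) and the /arsys path are assumptions, not taken from a real MidTier response.

```python
"""Check an HTTP response for the four hardening items in the idea above.

Added example, not BMC code. The sample responses are constructed;
JSESSIONID is Tomcat's default session-cookie name, the other cookie
name and the /arsys path are assumptions for illustration only.
"""

VALID_SAMESITE = {"lax", "strict", "none"}


def parse_raw_response(raw: str) -> list:
    """Split a raw HTTP response into (header-name, value) pairs.

    A list is returned instead of a dict so that repeated Set-Cookie
    headers are all kept.
    """
    headers = []
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:          # skip the status line
        if not line.strip():        # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def parse_set_cookie(value: str) -> tuple:
    """Return (cookie_name, {attribute_lowercased: value_or_True})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name, attrs


def audit_cookie(value: str) -> list:
    """Findings for one Set-Cookie header (items 1 and 2 of the idea)."""
    name, attrs = parse_set_cookie(value)
    findings = []
    if "httponly" not in attrs:
        findings.append(f"cookie {name}: missing HttpOnly")
    samesite = attrs.get("samesite")
    if not isinstance(samesite, str) or samesite.lower() not in VALID_SAMESITE:
        findings.append(f"cookie {name}: missing or invalid SameSite")
    elif samesite.lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None unless the cookie is also Secure.
        findings.append(f"cookie {name}: SameSite=None requires Secure")
    return findings


def audit_response(raw: str) -> list:
    """All findings for one raw response (items 1-4 of the idea)."""
    by_name = {}
    for hname, value in parse_raw_response(raw):
        by_name.setdefault(hname.lower(), []).append(value)

    findings = []
    for cookie in by_name.get("set-cookie", []):
        findings.extend(audit_cookie(cookie))
    if "referrer-policy" not in by_name:
        findings.append("missing Referrer-Policy header")
    csp = by_name.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy header")
    elif "default-src" not in csp[0]:
        # Without default-src, every fetch directive not listed is unrestricted.
        findings.append("Content-Security-Policy has no default-src fallback")
    return findings


# Constructed response resembling the state described in the idea: only the
# session cookie carries HttpOnly, no cookie carries SameSite, and neither
# Referrer-Policy nor CSP is sent.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/arsys; HttpOnly\r\n"
    "Set-Cookie: mt_user_pref=1; Path=/arsys\r\n"
    "\r\n"
    "<html></html>"
)

# Constructed response with all four items in place.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/arsys; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: mt_user_pref=1; Path=/arsys; Secure; HttpOnly; SameSite=Strict\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_response(raw) or ['no findings']}")
```

The check only looks at what the server actually sends, which is also what the auditors see; whether the flags end up being set by the servlet container, by the application itself or by a reverse proxy in front of it is a separate question that the idea leaves to BMC.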