This page (http://www.polycom.com/security) provides security information like FAQs, Polycom's UC Security Best Practice document as well as a link to the Polycom Security Center, where security advisories are posted. There are also links to government certifications, for example FIPS 140 certificates for Polycom products.
There's also a form there that allows you to report a security problem that you've found in a Polycom product.
The underlying issue is that the internal JBoss Application Server is vulnerable to remote command execution via the ‘HTTP Invoker’ service that provides Remote Method Invocation (RMI over HTTP). Access to the URLs ‘/invoker/EJBInvokerServlet’or ‘/invoker/JMXInvokerServlet’ with detached invoker operation via an HTTP POST request can be used to deploy a malicious remote Web Application Archive.
What does this mean?If you use RPRM version 7.x up through and including the just released 8.1.0 then please read the security bulletin and contact Polycom Support for a patch.