We appreciate customers and security researchers reporting vulnerabilities in our software and infrastructure to us.
We encourage customers and researchers to test the security of our product and infrastructure, provided this is done responsibly. If you plan to execute such a test, please contact our Support department, and ask for the collaboration agreement that we have in place for this purpose. It provides guidelines on how to work together with us, which for instance prevents our security team from interfering with your tests when detected by our monitoring.
If you have found (possible) security issues, we really appreciate it if you report them to us. We strive to respond to your reports with an assessment, which will include remediation steps if available, within one working day. You can report your findings using one of the following methods:
We treat security incidents with high priority. Where possible and necessary, immediate risk mitigation steps will be taken or provided.
If a modification in the product is necessary to remedy a vulnerability, we start working on that immediately and incorporate it in the next release of our product.
Customers that have selected our Continuous Delivery channel will be upgraded automatically. The next scheduled On-Premises release will also contain the fix. Since On-Premises customers need to download, install and test the upgrade before taking it in production, we request that, if you want to publish your findings, you wait at least 90 days after the initial report.
In our efforts to be a responsible supplier, we support the guidelines published by the US National Security Center of Excellence (NCCoE – nccoe.nist.gov).
We highly appreciate our customers taking their time to report bugs in our softwares
Please include details, including steps to help us recreate the issue you’re experiencing.
Choose if you want to include more information in your report, like a web address, your email address, or a screenshot.
We appreciate your help! We will make sure to send you an individual response by investigating your report to use the information you provide to improve ITDEVTECH products.