How Can We Help?

Search for answers or browse our knowledge base.

Deployment | Administration | Support

< All Topics
Print

Security Bug Fix Policy

This is our policy of on vulnerabilities discovered in our apps :

Based on the severity level we will treat the vulnerability as described below. We might add additional measures to best serve your needs, e.g. inform customers or evaluators if necessary.

Every vulnerability will be rated according to CVSS v3 and the following table :

CVSS V3 SCORE RANGESEVERITY
0.1 – 3.9Low
4.0 – 6.9Medium
7.0 – 8.9High
9.0 – 10.0Critical

Critical severity level

Critical severity vulnerabilities will be fixed within 4 weeks of coming to our knowledge and will be released as a bug fix release as soon as possible. 

We will send a Security Advisory email to all known customers and evaluators.

High severity level

High severity vulnerabilities will be fixed within 6 weeks of coming to our knowledge and will be included in the next scheduled bug fix release.

Medium severity level

Medium severity vulnerabilities will be fixed within 8 weeks of coming to our knowledge and will be included in the next scheduled bug fix release.

Was this article helpful?
0 out Of 5 Stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Previous Data Security and Privacy Statement
Table of Contents