Security Bug Fix Policy

Security Bug Fix Policy

How Can We Help?

Search for answers or browse our knowledge base.

Recent Comments

    Archives

      Solutions

      Docs

      Contact

      SYNCNOW

      SyncNow logo SyncNow – connect teams , tools and processes

      Security Bug Fix Policy

      Posted
      Updated
      ByAharon Mizrahi
      Print
      0 out of 5 stars
      5 Stars 0%
      4 Stars 0%
      3 Stars 0%
      2 Stars 0%
      1 Stars 0%
      < All Topics

      This is our policy of on vulnerabilities discovered in our apps :

      Based on the severity level we will treat the vulnerability as described below. We might add additional measures to best serve your needs, e.g. inform customers or evaluators if necessary.

      Every vulnerability will be rated according to CVSS v3 and the following table :

      CVSS V3 SCORE RANGESEVERITY
      0.1 – 3.9Low
      4.0 – 6.9Medium
      7.0 – 8.9High
      9.0 – 10.0Critical

      Critical severity level

      Critical severity vulnerabilities will be fixed within 4 weeks of coming to our knowledge and will be released as a bug fix release as soon as possible. 

      We will send a Security Advisory email to all known customers and evaluators.

      High severity level

      High severity vulnerabilities will be fixed within 6 weeks of coming to our knowledge and will be included in the next scheduled bug fix release.

      Medium severity level

      Medium severity vulnerabilities will be fixed within 8 weeks of coming to our knowledge and will be included in the next scheduled bug fix release.

      Was this article helpful?
      0 out of 5 stars
      5 Stars 0%
      4 Stars 0%
      3 Stars 0%
      2 Stars 0%
      1 Stars 0%
      5
      How can we improve this article?
      Please submit the reason for your vote so that we can improve the article.
      Table of Contents
      No Comments
      Skip to content