Vulnerability Disclosure

Definition

Vulnerability disclosure helps users protect their systems and data, prioritize defensive investments, and better assess risk. The goal of vulnerability disclosure is to reduce the risk associated with the exploitation of vulnerabilities.

Vulnerability disclosure at Specops Software

Specops Software is committed to resolving security vulnerabilities in our products and services. We take all necessary steps to minimize customer risk, provide timely information, and deliver vulnerability fixes and mitigations required to address security threats.

Specops Software follows the Responsible Disclosure guidelines as laid out in ISO 29147 for any externally reported vulnerabilities or security flaws. These standards facilitate open communication between security researchers and vendors, clearly define responsibilities between the involved parties, and protect all parties from exploitation whenever possible.

Reporting a vulnerability

If you believe you have discovered a vulnerability in a Specops Software product, service, or infrastructure that has not been resolved, please contact us via the provided email address: securityATspecopssoftDOTcom

To expedite verification and handling of the finding, please provide the following information in the initial communication or the helpdesk ticket:

  • Your preferred contact information
  • Product name and version number, if applicable
  • Date the vulnerability was observed
  • Description of the vulnerability
  • Instructions to duplicate the vulnerability

Mitigation and remediation

If the report is confirmed valid, Specops Software will move forward with providing remediation or mitigation. Specops Software will keep the reporter up to date on progress until the issue has been fully addressed to the satisfaction of all parties.

Specops Software asks that any vulnerabilities be reported in accordance with the policies of Coordinated Vulnerability Disclosure (CVD) and not be reported or revealed publicly until they are remediated or sufficient time has elapsed in accordance with CVD.

References

https://www.iso.org/standard/72311.html

https://resources.sei.cmu.edu/asset_files/SpecialReport/2017_003_001_503340.pdf