- Reporters should send vulnerability reports via our designated email: cve-reports@sec1.com.
- Reports should include detailed information about the issue, including how it can be reproduced, potential impact, and any other relevant details.
- We encourage responsible disclosure and request that reporters keep the findings confidential until a mutual disclosure timeline has been agreed upon.
Sec1 Public Disclosure Policy for CVE Reporting
Introduction
Sec1 is committed to maintaining the security and integrity of our products and services. As part of this commitment, we have established the following disclosure policy to guide the reporting and handling of vulnerabilities. This policy outlines our process for receiving, assessing, and disclosing vulnerabilities associated with our products or services.
Reporting Vulnerabilities
Response and Validation
- Upon receiving a report, Sec1 will acknowledge receipt within 72 hours.
- Our security team will review and validate reported vulnerabilities, working with the reporter as necessary for additional information or clarification.
- Once validated, we will prioritize the vulnerability according to its severity and impact and initiate the remediation process.
Disclosure Process
- After validating a vulnerability and developing a fix or mitigation, we will coordinate with the reporter to disclose the vulnerability responsibly.
- Our goal is to disclose the vulnerability in a manner that allows users enough time to apply fixes or mitigations before public release.
- Disclosure timelines may vary depending on the severity of the vulnerability, but our goal is to fully disclose in a timely and responsible manner, typically within 90 days of the initial report.
Public Communication
- Once a vulnerability is ready for public disclosure, Sec1 will publish a security advisory on our website and, if applicable, through our customer communication channels.
- The advisory will include a description of the issue, its potential impact, the CVE ID assigned, and recommended mitigations or solutions.
Commitment to Collaboration
Sec1 values the role of security researchers and the broader community in improving cybersecurity. We are committed to transparent and collaborative communication to ensure that vulnerabilities are addressed effectively and responsibly.
Contact Information
For any questions or concerns about this policy or to report a potential security issue, please contact us at cve-reports@sec1.com.