Reporting a Software Vulnerability
Posted by Antti Päivinen, Last modified by Antti Päivinen on 13.09.2016 12:15
Blancco is committed to security in its products and takes all reported matters very seriously. Any vulnerability identified will be investigated thoroughly and, if affecting the key security elements of the product, escalated to the highest priority within the appropriate team.
The following contents describe Blancco’s official process for handling and remediating prospective vulnerabilities found in our products.
Communication of Information
Identified issues can be reported via the appropriate form found on Blancco’s technical support site, which will result in a support ticket being created. Alternatively, an email can be sent to firstname.lastname@example.org; this will result in an automatically generated ticket.
In order to deal with the reported issue more effectively, please provide as much supporting information as possible, such as an Issue Report (Blancco 5 only), detailed information about the environment used or steps to recreate the issue.
When you have submitted a ticket, it will be assigned a tracking ID and a response will be given with details of the steps that will be followed in order to resolve the issue. If it is not possible to resolve, validate or recreate the issue, you will be issued with this information directly.
Disclosure of Vulnerability
For the protection of other users of Blancco software, it is strongly requested that you do not publically issue any information about the identified vulnerability. Blancco will coordinate a public response with you if necessary. Blancco also respectfully asks that you provide us with sufficient time to investigate and resolve the issue.