Security Bug Fixing Policy

Christoffer Bromberg

Last update: Dec 20, 2018

We follow Atlassian's lead, as described in the Security Bug Fix Policy, on how we handle vulnerabilities discovered in our apps. 

When we discover or are otherwise notified of a security vulnerability, we will set up an incident response team, which will assess the vulnerability and rate it according to CVSS v3. You can find a description of the severity levels, including examples, here.

For all severity levels, we will create an issue of type Security Advisory in our Jira disclosing the existence of the vulnerability. This issue will only be made public when a bug fix release that fixes the vulnerability is available. To protect our customers' installations, we will only disclose details that are safe to share.
Additionally, we will inform Atlassian of the vulnerability and any steps we are taking, following Atlassian's guidelines.

Based on the severity level, we will treat the vulnerability as described below. We might take additional measures to best serve your needs, e.g. inform former customers or evaluators if necessary, or communicate with individual organisations.

Medium severity level

Medium severity vulnerabilities will be fixed within 8 weeks of coming to our knowledge and will be included in the next scheduled bug fix release.

High severity level

High severity vulnerabilities will be fixed within 6 weeks of coming to our knowledge and will be included in the next scheduled bug fix release.

Moreover, these vulnerabilities are reported on our website at https://help.k15t.com/security-advisories-153653784.html and in the Administration documentation section of the respective app, e.g. https://help.k15t.com/scroll-imagemap/server/security-advisories-153651798.html

Critical severity level

Critical severity vulnerabilities will be fixed within 4 weeks of coming to our knowledge and will be released as a bug fix release as soon as possible. 

Moreover, these vulnerabilities are reported on our website at https://help.k15t.com/security-advisories-153653784.html and in the Administration documentation section of the respective app, e.g. https://help.k15t.com/scroll-imagemap/server/security-advisories-153651798.html

Furthermore, we will send a Security Advisory email to all known customers and evaluators, i.e. the contacts for the licenses registered at my.atlassian.com.



