Flaw and Vulnerability Reporting
Security is critical to our and our customers’ businesses. Privacy and security regulations across the globe have placed a clear emphasis on data confidentiality, integrity and availability as three critical factors in protecting data and the security of networks and systems. These therefore form the core part of our software and services, and their respective development roadmaps and lifecycles.
Flaw and vulnerability management
Our software and services undergo a robust programme of design, development and testing prior to deployment. This process is set out in our internal Secure Development Lifecycle document which we follow to ensure that any actual, or suspected flaw, vulnerability or security issue is addressed during this pre-launch phase.
Once deployed, our software and services are kept under review through regular maintenance and upgrades. On the rare occasion where a flaw or vulnerability is discovered which either directly or indirectly affects the security, stability or functionality of any of them, immediate action is taken to investigate and evaluate the issue, mitigate its effects and identify appropriate solutions to resolve it. Resolutions may include application of third-party vendor patches or other upgrades.
We carry out regular maintenance of third-party software and services used to deliver our services to ensure that security alerts and vendor updates are applied where appropriate to ensure that they remain up-to-date.
Notifying our supported customers
If we release a new version of our software to fix any identified flaw, vulnerability or security issue, we will advertise this to supported customers (including identifying the severity of the issue that has been resolved).
How to report a security flaw or vulnerability
If you suspect that our software or services may have a flaw, vulnerability, or other issue which may impact on its security you should contact us as soon as possible.
We welcome any reports from independent researchers, security consultants, industry organisations or bodies, or other individuals or organisations with an interest in software and SaaS security.
We commit to handling any externally reported flaw, vulnerability or other security issue appropriately. Indeed, we take any such reports very seriously and our relevant teams will focus on them as a matter of urgency.
We will take direct action to mitigate any flaw, vulnerability or observation as a high-priority to ensure the security and integrity of our software and services.