Last update 12 Apr 2021
Security of our products is one of our most important priorities. Our developers receive security training and review the code during the development process. We use agile methodologies that help us continually improve our products.
We use automated tests to verify the functionality of our products and to check them against known vulnerabilities.
We work hard to find and mitigate security vulnerabilities in our products. However, due to the complexity and usage of our products, it is not always possible for us to know how they will be used, how they are deployed and protected, or how skilled the attackers are who seek to undermine the security of those deployments.
If you become aware of a security vulnerability in any CloverDX product, please contact firstname.lastname@example.org. We follow a set of industry practices called Coordinated Vulnerability Disclosure (CVD). Under this process, researchers report issues directly to us without disclosing them publicly, and we work together to validate the issue and provide a fix. Afterwards, the vulnerability can be disclosed to the public.
We encourage responsible disclosure of any security vulnerabilities. We will not take legal action if you:
We use the CVSS v3.1 score to determine the severity of each vulnerability and to prioritize our work:
We release security fixes for supported versions of our products (retired products do not receive security fixes). See our and Downloads section in Customer Portal for more details about supported product versions.
We recommend that you keep updating your products to stay as close to the most recent version as possible.
We provide security advisories for critical and high severity issues at the same time as we publish a fix for them. A list of previously announced security vulnerabilities and their security advisories is available here.