• Creator
  • #2141570

    Publishing a critical security vulnerability


    by francis1620463124 ·


    Assume – you find a critical security vulnerability in your software product (through code inspection) and published a new version which contains the fix.

    What are the next steps you should do. Do you let know your customer/evaluators, do you publish the security vulnerability on particular forums, are there any legal requirements …

    The concern is that hackers might find out about the vulnerability before the users have had an opportunity to update their environment.

All Answers

  • Author
    • #2412930
      Avatar photo

      You need to be clear here.

      by rproffitt ·

      In reply to Publishing a critical security vulnerability

      There’s nothing new in your discussion. And legal concerns are taken up with your legal department or counselor (varies with country.)

      Most companies tend to publish the fix, notify customers and that’s it. I did not write “This is the way.”

Viewing 0 reply threads