

Publishing a critical security vulnerability

By francis1620463124
Assume you find a critical security vulnerability in your software product (through code inspection) and publish a new version which contains the fix.

What are the next steps you should take? Do you let your customers/evaluators know, do you publish the security vulnerability on particular forums, are there any legal requirements ...

The concern is that hackers might find out about the vulnerability before the users have had an opportunity to update their environment.

All Answers


You need to be clear here.

by rproffitt Moderator In reply to Publishing a critical sec ...

There's nothing new in your discussion. And legal concerns are taken up with your legal department or counselor (varies with country.)

Most companies tend to publish the fix, notify customers and that's it. I did not write "This is the way."
