¶¶Òõpro

  1. Home
  2. Products & Support
  3. Global Product Security (Report a Product Vulnerability)

Global Product Security

Product Vulnerability Reporting Procedure

If you believe you may have discovered a security vulnerability in an ¶¶Òõpro product, ¶¶Òõpro PSIRT (Product Security Incident Response Team) welcomes any vulnerability reporting. Please review the following:

Important Notices Prior to Reporting:

  • ¶¶Òõpro PSIRT only accepts information regarding undisclosed vulnerabilities in our Products.
  • Vulnerabilities in third party software/ open-source software should be reported directly to that 3rd party.
  • ¶¶Òõpro PSIRT does not administer a bug bounty program. The security reporter and or other entity hereby acknowledges there is no payment or compensation.
  • ¶¶Òõpro PSIRT does not accept the following as a product vulnerability submission:
    • 1. Claims that our products do not adhere with best security practices.
    • 2. Social Engineering attacks
    • 3. Denial of Service weaknesses
    • 4. TLS configuration issues: Examples include support for weak cipher suites, TLS 1.0, Sweet32, BEAST, etc.
    • 5. Email address verification problems: Issues with verifying email addresses used for user account creation.
    • 6. Self XSS: Cross-Site Scripting (XSS) that only affects the attacker¡¯s own browser.
    • 7. CSRF and CRLF attacks: Only if the impact is minimal.
    • 8. HTTP Host Header XSS: Without a working proof-of-concept.
    • 9. Incomplete or missing SPF/DMARC/DKIM configurations.
    • 10. Security flaws in third-party websites that integrate with our products.
    • 11. Network data enumeration techniques: Such as banner grabbing or publicly available server diagnostic pages.
  • We ask that the vulnerability reporter work with ¶¶Òõpro PSIRT throughout the disclosure process and to co-determine a disclosure date to ensure patient safety and data privacy.
  • ¶¶Òõpro PSIRT asks to fill in all required fields of the vulnerability submission form and provide as much information as possible.
  • We prefer the submission be to be in English.

After Submission:

  • A member of the ¶¶Òõpro PSIRT will review and respond to your submission promptly with next steps.
  • ¶¶Òõpro PSIRT will work with the applicable Product teams to confirm the reported vulnerability information.
  • If the submission is determined to be a new vulnerability in our product, ¶¶Òõpro PSIRT will determine and implement a mitigation/ remediation for the vulnerability.
  • ¶¶Òõpro PSIRT (if and when) deemed necessary, will post a security advisory to corresponding product security website.

Notice* Please note that submitting information on potential vulnerabilities does not create any rights on behalf of the submitting party or obligations on behalf of ¶¶Òõpro PSIRT. ¶¶Òõpro PSIRT can use the information at its discretion.