Confidentially requesting fixes to security vulnerabilities

jtharbison-slack · August 8, 2024, 4:36pm

When our tooling reports an unaddressed security vulnerability in the SDK, we need a way to confidentially request a fix. While the vulnerability is public, our use of a product containing the vulnerability and our interest in having it fixed we want to keep private. A sophisticated attacker could choose to seek out this knowledge when looking for attack vectors.

Can you please let us know how we can best confidentially request these fixes?

agutschow · August 13, 2024, 1:34am

@colin_mckibben, @colin_mckibben

Can you help with this?

Alicia

jtharbison-slack · August 13, 2024, 4:54am

Our CSM says we can report these through the support portal and they’ll be able to direct it appropriately.

system · October 12, 2024, 4:55am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.