As a provider of application security testing solutions and services, we recognize the importance of safely disclosing vulnerabilities to ensure the security of vendors and their users. Security is critical for maintaining user trust, and we strive to build innovative products that serve user needs and operate in their best interest.
ForAllSecure follows a responsible disclosure policy. Vulnerability disclosure is a two-way street. We need to recognize that, once a vulnerability is reported, it takes time to fix the bug. It also takes time for users of the software to upgrade.
For open source, our disclosure policy follows Google's, which is available here.
Our disclosure policy for all ForAllSecure employees, contractors, and team members is as follows:
If you believe you have discovered a vulnerability in a ForAllSecure product and/or offering or have a security incident to report, please reach out via security@forallsecure.com.