WE takes security seriously.
We align with the Security Severity Levels published by Atlassian and we adhere to their security requirements for Cloud applications.
Vulnerabilities reported will be fixed within these timeframes :
Severity | CVSS Score | Timeframe for resolution |
---|---|---|
Critical | CVSS v3 >= 9.0 | Must be fixed within 4 weeks of being reported and CVSS scored. |
High | CVSS v3 >= 7.0 | Must be fixed within 6 weeks of being reported and CVSS scored. |
Medium | CVSS v3 >= 4.0 | Must be fixed within 8 weeks of being reported and CVSS scored. |
Low | CVSS v3 < 4.0 | Must be fixed within 25 weeks of being reported and CVSS scored |
Our Security Practices should be read in conjunction with our EULA & Privacy Policy document.
Our apps are running on a reliable cloud service, heroku, and it applies security best practices and manages platform security. Please check details as below.
https://www.heroku.com/policy/security
If you believe you have found or experienced a security vulnerability with Infraware's product or service please contant us.