Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

At Team Files (by ikuTeam), security is a priority. We do our best to assure that customers' systems can't be compromised through the exploitation of vulnerabilities in ikuTeam products.

Scope

On this page, we outline the main points of how and when we address security bugs in our products.

Security Bug Fix Policy Service Level Agreement (SLA)

Our team set the timeframes for fixing security issues in our products, after being reported, as follows:

  • Critical severity bugs (CVSS v3 score >= 9) to be fixed in the product in 4 weeks;

  • High severity bugs (CVSS v3 score >= 7) to be fixed in the product in 6 weeks;

  • Medium severity bugs (CVSS v3 score >= 4) to be fixed in the product in 8 weeks.

Critical Vulnerabilities

Whenever a Critical security vulnerability is discovered, either by ikuTeam or reported by a third party, ikuTeam issues a new release for the current version of the affected product as soon as possible. For costumers using server products, it is essential to stay on the latest version of the product you are using (this is best practice). Costumers using cloud products are always on the latest version available, so there's no additional action required.

Non-critical vulnerabilities

ikuTeam includes fixes of non-critical issues (high, medium, and low severity) in the next scheduled release.

About severity levels

We attribute the severity level for each specific vulnerability using a self-calculated CVSS score. CVSS is an industry-standard metric for vulnerability. Learn more at FIRST.org.

  • No labels