At Team Files (by ikuTeam), security is a priority. We do our best to assure that customers' systems can't be compromised through the exploitation of vulnerabilities in ikuTeam products.
Scope
On this page, we outline the main points of how and when we address security bugs in our products.
Security Bug Fix Policy Service Level Agreement (SLA)
Our team set the timeframes for fixing security issues in our products, after being reported, as follows:
Critical severity bugs (CVSS v3 score >= 9) to be fixed in the product in 4 weeks;
High severity bugs (CVSS v3 score >= 7) to be fixed in the product in 6 weeks;
Medium severity bugs (CVSS v3 score >= 4) to be fixed in the product in 8 weeks.
Critical Vulnerabilities
Whenever a Critical security vulnerability is discovered, either by ikuTeam or reported by a third party, ikuTeam issues a new release for the current version of the affected product as soon as possible. For costumers using server products, it is essential to stay on the latest version of the product you are using (this is best practice). Costumers using cloud products are always on the latest version available, so there's no additional action required.
Non-critical vulnerabilities
ikuTeam includes fixes of non-critical issues (high, medium, and low severity) in the next scheduled release.
About severity levels
We attribute the severity level for each specific vulnerability using a self-calculated CVSS score. CVSS is an industry-standard metric for vulnerability. Learn more at FIRST.org.