Security bug fix policy

At ikuTeam, security is paramount. We are committed to ensuring that our customers' systems remain impervious to attacks by rigorously safeguarding against vulnerabilities in our products.

Scope

This page outlines the main points of how and when we address security bugs in our products.

Security Bug Fix Policy Service Level Agreement (SLA)

Our team has set the following timeframes for fixing security issues in our products once they have been reported:

  • Critical severity bugs (CVSS v3 score >= 9) to be fixed in the product in 4 weeks;

  • High severity bugs (CVSS v3 score >= 7) to be fixed in the product in 6 weeks;

  • Medium severity bugs (CVSS v3 score >= 4) to be fixed in the product in 8 weeks.

Critical Vulnerabilities

Whenever a Critical security vulnerability is discovered, either by ikuTeam or reported by a third party, ikuTeam issues a new release for the current version of the affected product as soon as possible. For customers using data center / server products, it is essential to stay on the latest version of the product you are using (this is best practice). Customers using cloud products are always on the latest version available, so no additional action is required.

Non-critical vulnerabilities

ikuTeam includes fixes for non-critical issues (high, medium, and low severity) in the next scheduled release.

About severity levels

We assign the severity level for each specific vulnerability using a self-calculated CVSS score. CVSS is an industry-standard metric for vulnerability severity. Learn more at FIRST.org.