Follow These Steps to Report a Potential Security Vulnerability

Send an email to support@s4dx.com and include as much information as possible:

• Your contact information
• Product name with any version or revision numbers
• Name of the person who found the vulnerability
• Date when the vulnerability was detected and details about how it was discovered
• Detailed technical description of the potential vulnerability
• Detailed description of potential exploits
• A Common Vulnerability Scoring System (CVSS) score if possible

How S4DX´s PSIRT Responds to Reports

S4DX´s PSIRT will use the following steps to respond to a report of a potential security vulnerability:

1. Notification: S4DX receives the report and acknowledges the receipt of the information
2. Review: S4DX reviews the information provided to determine if an S4DX product is indeed affected and if there is sufficient data in the report to begin an investigation
3. Analysis: Once all the necessary information is received, S4DX does an in-depth technical investigation into the reported potential vulnerability
   • S4DX also uses CVSS v3.0 to score the vulnerability so that it is prioritized for analysis and remediation
4. Corrective actions: If the security vulnerability is verified, S4DX takes the appropriate actions for remediation of the issue
5. Disclosure: S4DX releases information about the verified vulnerability where appropriate and may make details about the remediation actions available in a security advisory or a bulletin

Our Responses to Reported Vulnerabilities

Known Vulnerabilities

Nossas respostas às vulnerabilidades relatadas (versão em português)

Vulnerabilidades conhecidas

Our Responsible Disclosure Policy

S4DX PSIRT follows a coordinated vulnerability responsible disclosure policy that you should review before you submit a report. It is based on ISO/IEC 29147:2020 and ISO/IEC 30111:2019, and it describes the nature of the expectations and relationship between S4DX and you.