At SureView we are committed to quality and are always working to improve our products. Because of this we value the opinions of the security research community and welcome the opportunity to work with you to strengthen our solutions for the benefit of our customers and their communities.
As professionals in your field we ask you to please maintain a high standard of conduct and report any vulnerability found to SureView in the first instance, allowing us to respond and correct the issue without exposing our customers to any undue danger.
Security vulnerabilities in supported SureView products are managed through a well-defined process. The time to respond depends on the scope of the issue and the process consists of 4 key steps:
Reporting: Submit your findings using the information at the bottom of this page. You will receive an acknowledgement and updates throughout the process.
Evaluation: SureView will work with you to confirm the potential vulnerability, and then assess the risk, determine the impact, and assign a processing priority. If the vulnerability is confirmed, the priority determines how the issue is handled through the remaining steps.
Solution: SureView will develop a solution to mitigate the confirmed vulnerability.
Communication: once a solution has been developed SureView will publish a security advisory for severe issues within 24 hours. Less severe issues may be communicated by other means. We will acknowledge you in the advisory if requested.
Throughout this process, we ask you to please keep all details confidential, allowing us and our customers the necessary time to respond and resolve any vulnerability, while maintaining the highest possible level of integrity.
To report an issue:
Please submit a ticket providing your email address and the details of your findings.