Services \ Technical Support Services
Lumension Product Security
Product Security Policy
Lumension is committed to resolving security vulnerabilities responsibly, culminating in the release of a Security Advisory and, if needed, a product update for our customers. We embrace open communication with those who report potential vulnerabilities in our products, as we work to protect enterprises and the internet infrastructure from exploitation. In addition to working closely with those who communicate vulnerabilities to us, Lumension follows responsible disclosure guidelines.
We use the latest development tools and techniques to provide a high-quality, secure product. We employ a rigorous test program for each software release proactively testing against the latest known threats. In some cases however, vulnerabilities escape detection, new types of exploits are identified after we release a product, or newly reported vulnerabilities in other products or operating systems result in issues with the security of our products. Regardless of source, we work quickly to resolve the issue.
Assessment and Correction
Lumension begins evaluating all potential security vulnerabilities that are discovered internally or externally within two business days of discovery. We provide regular updates as desired by the finder.
The complexity of the issue will drive the time required for investigation, resolution and testing of the security fix. Critical risk, high impact vulnerabilities are given top priority. Lumension may release an update to address the vulnerability as part of a hotfix, maintenance release or major update as appropriate.
Lumension maintains a policy of responsible disclosure. We will not announce security vulnerabilities until fixes are publicly available. For critical risk, high impact vulnerabilities, Lumension may contact customers that are especially vulnerable in order to recommend mitigations in the case that a fix is not yet available. We will not release the exact details of product vulnerabilities.
Reporting a Vulnerability
Lumension encourages you to report a potential vulnerability if you suspect there is a serious problem. If you are an existing customer, please contact Support directly using standard Support telephone numbers or open a ticket via the customer portal. If you are not a customer, please call us or send an email to ProductSecurity@lumension.com. If you send us an email please include sensitive information in a password protected, encrypted attachment such as provided in Microsoft Word or zip archives. Please use good password practice with at least an 11-character password, consisting of a mix upper and lower case letters, special characters, and numbers. The body of your email must include your contact information such as your name, company, job title, and a telephone number where you can be reached during normal business hours. We will call you to discuss the issue and retrieve the password to the sensitive information attachment.
The following articles address security issues and concerns which may impact Lumension products.