Securing Enterprise Applications - Cenzic Contact Us
Call 1-866-4-CENZIC (423-6942)
or email request@cenzic.com

home > cia research > disclosure guidelines
cia_research

Get Better Security

graphic
spacer

Disclosure Guidelines

Cenzic Software Vulnerability Disclosure Guidelines - 2007

Once a vulnerability is identified, Cenzic will inform the software vendor affected by the vulnerability. If the vendor doesn't communicate back within 10 days of notification, Cenzic may choose to disclose the vulnerability to MITRE, FIRST, CSI, Vuln-Watch and other associations. If the vendor communicates back with Cenzic within 10 days and requests an extension to fix the vulnerability before Cenzic discloses the vulnerability publicly, Cenzic will work with the vendor to make reasonable accommodations. After working with the vendor, unless no communication has occurred from the vendor, and 5 days after notifying the appropriate associations and services, Cenzic will send out a press release on the vulnerability.

back to top
Technical Resources
> Datasheet: Hailstorm Enterprise ARC
> Datasheet: Hailstorm Pro
> Datasheet: Hailstorm Starter
> Datasheet: Hailstorm Core
> White Paper: Beyond Simple Vulnerabilities Scanning
> White Paper: Cross Frame Scripting
> White Paper: Cenzic Imperative Assessment Plan
> White Paper: Enabling Security in the Software Development Lifecycle (PDF)

web application security
Subscribe
From the Industry
Application security

COMPANY   |   PRODUCTS & SERVICES   |   SUPPORT   |   NEWS   |   CUSTOMERS   |   PARTNERS   |   CIA RESEARCH   |   CONTACT   |   LEGAL   |   PRIVACY   |   SITE MAP   |   HOME

© Copyright 2008 Cenzic