Devada Vulnerability Management (DVM)

Overview

Devada Vulnerability Management (DVM) provides the guidance necessary to mitigate or resolve security vulnerabilities in a timely manner. The remediation SLA helps to diagnose and address infrastructure- and application-related security concerns without confusing them with traditional SLAs. Security concerns are rated across numerous factors that are not immediately apparent in a typical software bug. This means that the timeframe for security fixes might not match your software/infrastructure SLA.

Remediation SLA

| Severity | CVSS v3 Score | Timeframe |
| --- | --- | --- |
| Security Incidents | N/A | Mitigation 24 hours; Remediation ASAP |
| Critical | = 9.0 | Within 30 days |
| High | = 7.0 | Within 60 days |
| Medium | = 4.0 | Within 90 days |
| Low | < 4.0 | Reasonable effort |

Security Incidents

A security incident is any issue that is actively exposing PII or is in direct violation of the Data Protection Policy. Some examples of a security incident are:

· Data Leak (PII)
· Unauthorized access
· (Distributed) Denial of service (DDoS/DoS)
· Lost/Stolen equipment

If you believe that you are suffering a security incident, you can reach Devada Security by using our e911 services at [email protected]

NOTE: The e911 service is meant for issues that are without a doubt a security incident. Otherwise, please use the Support Portal for CVEs and other vulnerabilities.

CVEs and Other Vulnerabilities

For all other security-related issues like CVEs and vulnerabilities, please report them by:

· Filing a ticket via a Support Portal (Recommended for most vulnerabilities) or
· Sending an email to [email protected]

Further Actions

In some cases, Devada may choose to shut off a part of AnswerHub functionality to reduce the impact of a threat. This allows us to ensure a safe and secure AnswerHub experience as well as provide an opportunity to respond in a manner that is commensurate with the threat. It could quite simply be better to mitigate and remediate the problem through removal of the faulty functionality. In the event that this action is taken, the reporter of the issue will be notified along with product management, at which time product management will determine if alternative steps can be taken in the product roadmap for resolution.

