Devada Vulnerability Management (DVM) provides the guidance necessary to mitigate or resolve security vulnerabilities in a timely manner. The remediation SLA helps to diagnose and address infrastructure- and application-related security concerns without confusing them with traditional SLAs. Security concerns are rated across numerous factors that are not immediately apparent in a typical software bug. This means that the timeframe for security fixes might not match your software/infrastructure SLA.
| Severity | CVSS v3 Score | Timeframe |
|---|---|---|
| Security Incidents | N/A | Mitigation 24 hours; Remediation ASAP |
| Critical | >= 9.0 | Within 30 days |
| High | >= 7.0 | Within 60 days |
| Medium | >= 4.0 | Within 90 days |
| Low | < 4.0 | Reasonable effort |
A security incident is any issue that is actively exposing PII or is in direct violation of the Data Protection Policy. Some examples of a security incident are:
· Data Leak (PII)
· Unauthorized access
· (Distributed) Denial of service (DDoS/DoS)
· Lost/Stolen equipment
If you believe that you are suffering a security incident, you can reach Devada Security by using our e911 services at [email protected]
NOTE: The e911 service is meant for issues that are without a doubt a security incident. Otherwise, please use the Support Portal for CVEs and other vulnerabilities.
For all other security-related issues, such as CVEs and vulnerabilities, please report them by:
· Filing a ticket via the Support Portal (recommended for most vulnerabilities) or
· Sending an email to [email protected]
In some cases, Devada may choose to shut off a part of AnswerHub functionality to reduce the impact of a threat. This allows us to ensure a safe and secure AnswerHub experience and gives us an opportunity to respond in a manner that is commensurate with the threat. It may simply be better to mitigate and remediate the problem by removing the faulty functionality. If this action is taken, the reporter of the issue will be notified along with product management, at which time product management will determine whether alternative steps can be taken in the product roadmap for resolution.