Vulnerability Disclosure Policy

Reporting Security Issues to Ipswitch

As a provider of security software, we take security issues seriously and recognize the importance of privacy, security, and community outreach. In addition, Ipswitch utilizes security tools, processes and personnel to maintain a high standard of security.

If you believe you have discovered a vulnerability in a Ipswitch product or have a security issue to report, please contact security@ipswitch.com. The email address is continuously monitored and you will receive a response no later than five (5) business days. If you wish to use an encrypted channel, please use our MOVEit system and enter “security” in the “Recipient Email(s)” location. Once we have received a vulnerability report, Ipswitch takes the following steps to address the issue:

  1. Ipswitch requests the reporter to keep confidential any communication regarding the vulnerability.
  2. Ipswitch investigates and verifies the vulnerability.
  3. Ipswitch addresses the vulnerability and may need to release an update to address the vulnerability.
  4. Ipswitch notifies customers and partners of the vulnerability.
  5. Ipswitch publicly announces the vulnerability in the release notes.
    1. Release notes includes a reference to the person/people who reported the vulnerability, unless the reporter(s) wish to stay anonymous.

Our commitment to reporters:

  1. We will acknowledge the receipt of your vulnerability report in a timely manner.
  2. We will notify you when the vulnerability is fixed and allow you the opportunity to confirm it is fixed.
  3. We will publicly thank you for your responsible disclosure and helping us keep our products secure.