Vulnerability Disclosure Policy

Reporting Security Issues to Ipswitch

As a provider of security software, we take security issues seriously and recognize the importance of privacy, security, and community outreach. In addition, Ipswitch utilizes security tools, processes and personnel to maintain a high standard of security.

If you believe you have discovered a vulnerability in a Ipswitch product or have a security issue to report, please contact security@ipswitch.com and use our PGP public key for encrypted communication. The email address is continuously monitored and you will receive a response no later than five (5) business days. Alternatively, if you wish to use an encrypted channel, please use our MOVEit system and enter “security” in the “Recipient Email(s)” location. Once we have received a vulnerability report, Ipswitch takes the following steps to address the issue:

  1. Ipswitch requests the reporter to keep confidential any communication regarding the vulnerability.
  2. Ipswitch investigates and verifies the vulnerability.
  3. Ipswitch addresses the vulnerability and may need to release an update to address the vulnerability.
  4. Ipswitch notifies customers and partners of the vulnerability.
  5. Ipswitch publicly announces the vulnerability in the release notes.
    1. Release notes includes a reference to the person/people who reported the vulnerability, unless the reporter(s) wish to stay anonymous.

Our commitment to reporters:

  1. We will acknowledge the receipt of your vulnerability report in a timely manner.
  2. We will notify you when the vulnerability is fixed and allow you the opportunity to confirm it is fixed.
  3. We will publicly thank you for your responsible disclosure and helping us keep our products secure.


-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFq5E48BCADRo5wcnZAa/pF45JSZJcWSBKAG4VSO3DUcC+zwCbJXnYuwuHRc
QdBSCy1CAtufhCs1/iDnWFDdieQ8jPOmaddoJDXz0fej+SeMWl29tVQZ0E4vE0AE
VTNOF7Xv4TI6krjW/5WnTkuJpWDLeDon8hfkPmCc5ZFWlL5GbtK+e5shbYeJQF7z
hCzRm7k3pPEHULFUoXuwqyAf4Eg3Kq9XApI5m6xISH4WnWiMFUvOc6dJEXWYCsBq
HA1UOd8Zn5dE9JVUv6utSK+Jf/SQ25kg8+cUuIm/3mK47LTbD4gfXQQo0UWyRX2x
XKgoSLm/29Plgyzvw9uTfLDw8i+KC4fKCDZdABEBAAG0IFNlY3VyaXR5IDxzZWN1
cml0eUBpcHN3aXRjaC5jb20+iQFUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMB
Ah4BAheAFiEEJidhu6DoPuvcJP5Hn2UVQGa15/oFAlq5FbIFCQWjnKMACgkQn2UV
QGa15/odjwf/XV7zMWUa09wQktM0qroQdQ89SteEWFRE5JaiuQAbYepl5nRCr1S4
UhVbmZcTWfLl8mKnEDKGftV3oCMJOfwazdoNkfQFYmCUsKt7jB3wpOvAd7vaK65u
Q0FLXnM/OeelB0pkNeqUQjMccyzdDp9yeZOkw7Ct1AAQofp4IMpt4veXexAjwZJh
IEOrLIZckajioMqHLF9lyjiLiU1EWhf64Re1Eo437OmlEcQMZkZQbJa8afIBp2hh
5oXCJOuhAfx86ILjHBqBcxvY/+hba5ch+p2J6d997AFQ6mkyzUsH0EHhLYreTzF6
koLLlJwyGXs/k/sIR0uugyxHoO+NuZrf3LkBDQRauROQAQgAuv2GYlYE/tLZTzKG
ULoiM3Bl9bs0WW61r/IkfGpvLTHsZRvAhGswK68zbs7bIn3JDlkOwBSgaFwvNYOJ
huIYhH9YHjtCLa0CJ9nL+fexFTrUnvfTeD2RZeiUZexWwS1MLsPaYM/eGrkBfK0k
iXn5qrLKAIcU66qDU1DcJi9cL+OarbbErlOYqLlIybfAiE47DosMQL0obmXIL2Bn
k15/hzn5kgTZm59kiaGwh32NiLcc7Xi8uJ8OcECOzDAoZBkInuxHiCF2UOgoP4m4
o3g10SajNBsTZpo+f4nc1JUwk+Gf9DaLuK52AFjmwGI9pI+4R8kVLOVaSBgbMC9f
b3rYtwARAQABiQE8BBgBCAAmAhsMFiEEJidhu6DoPuvcJP5Hn2UVQGa15/oFAlq5
FbIFCQWjnKIACgkQn2UVQGa15/qnSgf/anPilEyGx3aI1n5jdXAMdGF9p5K5H0nn
cpJRBHDYOWPa+WssyoJGwyFAOmnUtIxvSmXTdAINojOidvLGfnklwudZvaM8gbWn
FoDEDCBjDZp+sVc+oXASJENmF7Ua2/BygWUnaZinGD9Nmo3AouT7mf8oWZG0zP90
JYyNYRhn0S8WQeYuP4REtnzYSnUtdSiv6xUpQQOhgHlu2bQlrYXPdIst5olm+EVe
6Mv7lrGlbnav2NJSYhHsFG48WsFXwO38yptCPlujvU3+4PQMNJIUP0ppq6gYfCPn
GtWpVTkHfKnRUQvHSD1A2ZCJ1UUhcZgTkpCvCyvyaty6VVDLR99/rQ==
=4/aT
-----END PGP PUBLIC KEY BLOCK-----