These days it’s common to learn of a new security incident or malicious attack on a software company and of the impact on its customers. These threats are expensive both from a compliance perspective, under regulations such as the stringent GDPR out of the EU, and in terms of customer goodwill and brand reputation. An incident of this magnitude may severely impact the public’s trust, so much so that the impact can be felt for years. The risk is not just to the business: such a lapse may personally affect CIOs and CSOs as well, potentially casting a shadow over a career or professional reputation.
More often than not, organizations have to worry not only about their own software but also about the security posture of third-party vendors, whose processes and policies may be unsatisfactory or opaque. When a CIO and CSO can trust the security practices and policies behind the vendor products that the organization embeds into its own products and tools, they can better focus on their core business. To enable that trust, a vendor’s security policies and practices should revolve around transparency, proactivity and responsiveness.
Progress DataDirect emphasizes transparency, proactivity and responsiveness in our security policies and practice to ensure that:
Upon identification of any security vulnerability, Progress DataDirect will exercise commercially reasonable efforts to address the vulnerability in accordance with the following policy:
|(CVSS 8+ or industry equivalent)|30 days|Active (i.e. latest shipping version) and all Supported versions|
|(CVSS 5-to-8 or industry equivalent)|180 days|Active (i.e. latest shipping version)|
|(CVSS 0-to-5 or industry equivalent)|Next major release or best effort|Active (i.e. latest shipping version)|
* Priority is established based on the current version of the Common Vulnerability Scoring System (CVSS), an open industry standard for assessing the severity of computer system security vulnerabilities. For additional information on this scoring system, refer to https://en.wikipedia.org/wiki/CVSS.