Upon identification of any security vulnerability, Progress DataDirect will exercise commercially reasonable efforts to address the vulnerability in accordance with the following policy:
(CVSS 8+ or industry equivalent)
|30 days||Active (i.e. latest shipping version) and all Supported versions|
(CVSS 5-to-8 or industry equivalent)
|180 days||Active (i.e. latest shipping version)|
(CVSS 0-to-5 or industry equivalent)
|Next major release or best effort||Active (i.e. latest shipping version)|
* Priority is established based on the current version of the Common Vulnerability Scoring System (CVSS), an open industry standard for assessing the severity of computer system security vulnerabilities. For additional information on this scoring system, refer to https://en.wikipedia.org/wiki/CVSS.