Security Vulnerability
Response Policy

Upon identification of any security vulnerability, Progress DataDirect will exercise commercially reasonable efforts to address the vulnerability in accordance with the following policy:

Priority*	Time Guideline	Version(s)
High Risk (CVSS 8+ or industry equivalent)	30 days	Active (i.e. latest shipping version) and all Supported versions
Medium Risk (CVSS 5-to-8 or industry equivalent)	180 days	Active (i.e. latest shipping version)
Low Risk (CVSS 0-to-5 or industry equivalent)	Next major release or best effort	Active (i.e. latest shipping version)

* Priority is established based on the current version of the Common Vulnerability Scoring System (CVSS), an open industry standard for assessing the severity of computer system security vulnerabilities. For additional information on this scoring system, refer to https://en.wikipedia.org/wiki/CVSS.

Security Vulnerability
Response Policy

Connect any application to any data source anywhere

A product specialist will be glad to get in touch with you

Sitefinity

NativeChat

MOVEit

Kendo UI

Telerik

DataDirect

Corticon

Kemp LoadMaster

Flowmon

WhatsUp Gold

Kendo UI

Telerik

Test Studio

Fiddler Everywhere

Chef

DataDirect

MOVEit

WS_FTP

OpenEdge

MarkLogic

Semaphore

Security Vulnerability Response Policy

Connect any application to any data source anywhere

A product specialist will be glad to get in touch with you

Security Vulnerability
Response Policy