At Progress we work diligently to identify and correct any security issues found in our products. Customers who believe they have identified a security issue or vulnerability in one of our products are advised to contact Technical Support in order to have an engineer evaluate and document a possible security issue for our engineering teams to confirm and remedy when appropriate. Customers wishing to report a suspected security vulnerability should contact Technical Support.
Progress values its partnership with the security researcher community and encourages reports of suspected vulnerabilities in our web sites or products. Security Researchers and Ethical Hackers may submit suspected vulnerabilities via the submission form below, and we will make a best effort to meet the following response times.
|Type of Response||SLO in business days|
|First Response||7 days|
|Time to Triage||10 days|
|Time to Resolution||depends on severity and complexity|
When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug. The following issues are considered out of scope:
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Thank you for helping keep Progress and our users safe!
Questions about Progress’ privacy practices and how we handle your personal email@example.com
Use of Progress Software copyrighted materials or notice of copyright firstname.lastname@example.org
Questions about or requests to use Progress Software trademarks, logos or email@example.com
Questions about Security, Privacy, Compliance and Due Diligencesecurity@progress.com