Tackling vulnerabilities to keep your business running
Cloud Software Group is committed to keeping its products and customers secure. Cloud Software Group strives to follow industry standards during all phases of the Secure Development Lifecycle (SDLC). As part of its SDLC program, Cloud Software Group has a robust Security Response Process that accepts vulnerability reports against Cloud Software Group products and services from external sources – customers and researchers alike.
The Cloud Software Group Security Response Team is a dedicated team that is responsible for managing the receipt, verification, and public reporting of information about security vulnerabilities in Cloud Software Group products.
In line with its commitment to adhere to international standard ISO/IEC 29147:2018, all issues reported to Cloud Software Group follow our vulnerability response process:
Cloud Software Group will investigate vulnerabilities in Cloud Software Group products and services from the date of release until End of Life. The investigation and verification of issues will be prioritized based on the potential severity of the vulnerability and other environmental factors. Throughout the investigative process, Cloud Software Group will work with the reporter to confirm the nature of the vulnerability, gather required technical information, and ascertain appropriate remedial action. When the initial investigation is complete, results are delivered to the reporter along with a plan for resolution and public disclosure, if applicable.
The Cloud Software Group Security Response team will work with Cloud Software Group internal product development teams to address the issue. Timescales for releasing a fix vary according to complexity and severity. Cloud Software Group will provide updates to the researcher as and when there is progress with the vulnerability handling process related to the reported vulnerability.
When a mitigation or software update is released, Cloud Software Group will provide remediation or mitigation information to users, typically in the form of a security bulletin and software patches or updates. If, during the course of the vulnerability handling process, Cloud Software Group identifies a vulnerability in a third-party product or service, we will endeavor to responsibly disclose this issue and coordinate our public releases.
We also recommend our Citrix customers to review and update their security contacts for their organization in their Citrix account (https://www.citrix.com/account/).