Introduction

The following describes how and when we resolve security bugs in our products. It does not describe the complete disclosure or advisory process that we follow.

Security bug fix Service Level Objectives (SLO)

We have defined the following timeframes for fixing security issues:

Critical severity bugs to be fixed in product within 2 weeks of being reported

High severity bugs to be fixed in product within 4 weeks of being reported

Medium severity bugs to be fixed in product within 6 weeks of being reported

Low severity bugs to be fixed in product within 25 weeks of being reported