/
Security Bug Fix Policy
Security Bug Fix Policy
Introduction
The following describes how and when we resolve security bugs in our products. It does not describe the complete disclosure or advisory process that we follow.
Security bug fix Service Level Objectives (SLO)
We have defined the following timeframes for fixing security issues:
Critical severity bugs to be fixed in product within 2 weeks of being reported
High severity bugs to be fixed in product within 4 weeks of being reported
Medium severity bugs to be fixed in product within 6 weeks of being reported
Low severity bugs to be fixed in product within 25 weeks of being reported