From 9e456676bb97e18155f2748bea6accd827b9eba3 Mon Sep 17 00:00:00 2001 From: Nadezhda Tacheva Date: Fri, 22 Nov 2024 18:43:45 +0200 Subject: [PATCH 1/3] chore(security): update overview --- security/overview.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/security/overview.md b/security/overview.md index 214de58e46..e78db5afd5 100644 --- a/security/overview.md +++ b/security/overview.md @@ -35,7 +35,7 @@ We value the contributions of security researchers and ethical hackers. If a res |------------------|------------------------| | First Response | 7 days | | Time to Triage | 10 days | -| Time to Resolution| Depends on severity | +| Time to Resolution| [Depends on severity](#vulnerability-remediation-guidelines) | For more information, visit: @@ -43,6 +43,15 @@ For more information, visit: - [Progress Trust Center](https://www.progress.com/trust-center) - [Vulnerability Reporting Policy](https://www.progress.com/trust-center/vulnerability-reporting-policy) +## Vulnerability Remediation Guidelines + +Progress follows defined timelines for remediating vulnerabilities based on their severity levels, ensuring a structured and efficient approach to maintaining security across all products. These guidelines are aligned with CVSS (Common Vulnerability Scoring System) scoring: + +- **Critical scored issues (CVSS 9.0+):** Resolved within **30 days**. +- **High scored issues (CVSS 7.0–8.9):** Resolved within **60 days**. +- **Medium or lower scored issues (CVSS < 7):** Resolved within **90–120 days**, depending on the score. + +While these are not strict SLA (Service Level Agreement), they serve as a commitment to providing timely resolutions for identified vulnerabilities. ## What We Do to Mitigate Risk From e463fe03c21a1d3f826ec88a0b4792390b7fff5a Mon Sep 17 00:00:00 2001 
From: Nadezhda Tacheva <73842592+ntacheva@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:19:38 +0200 Subject: [PATCH 2/3] Update security/overview.md Co-authored-by: Dimo Dimov <961014+dimodi@users.noreply.github.com> --- security/overview.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/security/overview.md b/security/overview.md index e78db5afd5..0247640bc6 100644 --- a/security/overview.md +++ b/security/overview.md @@ -47,9 +47,9 @@ For more information, visit: Progress follows defined timelines for remediating vulnerabilities based on their severity levels, ensuring a structured and efficient approach to maintaining security across all products. These guidelines are aligned with CVSS (Common Vulnerability Scoring System) scoring: -- **Critical scored issues (CVSS 9.0+):** Resolved within **30 days**. -- **High scored issues (CVSS 7.0–8.9):** Resolved within **60 days**. -- **Medium or lower scored issues (CVSS < 7):** Resolved within **90–120 days**, depending on the score. +- **Critical score issues (CVSS 9.0+):** Resolved within **30 days**. +- **High score issues (CVSS 7.0–8.9):** Resolved within **60 days**. +- **Medium or lower score issues (CVSS < 7):** Resolved within **90–120 days**, depending on the score. While these are not strict SLA (Service Level Agreement), they serve as a commitment to providing timely resolutions for identified vulnerabilities. From c692987ffecf4fd339163d6378501ace0c51e2ae Mon Sep 17 00:00:00 2001 From: Nadezhda Tacheva <73842592+ntacheva@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:19:45 +0200 Subject: [PATCH 3/3] Update security/overview.md Co-authored-by: Dimo Dimov <961014+dimodi@users.noreply.github.com> --- security/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/overview.md b/security/overview.md index 0247640bc6..6a8d412147 100644 --- a/security/overview.md +++ b/security/overview.md 
@@ -45,7 +45,7 @@ For more information, visit: ## Vulnerability Remediation Guidelines -Progress follows defined timelines for remediating vulnerabilities based on their severity levels, ensuring a structured and efficient approach to maintaining security across all products. These guidelines are aligned with CVSS (Common Vulnerability Scoring System) scoring: +Progress follows defined timelines for remediating vulnerabilities based on their severity level, ensuring a structured and efficient approach to maintaining security across all products. These guidelines are aligned with the CVSS (Common Vulnerability Scoring System) scoring: - **Critical score issues (CVSS 9.0+):** Resolved within **30 days**. - **High score issues (CVSS 7.0–8.9):** Resolved within **60 days**.
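Review bot: In PATCH 1/3, first hunk (`@@ -35,7 +35,7 @@`), the new link target `#vulnerability-remediation-guidelines` only resolves through the slug generated from the heading added in the second hunk, so renaming that heading later will break the table link. Please confirm the anchor resolves in the rendered page. The changed row also keeps `| Time to Resolution|` without a space before the pipe, unlike the two rows above it; since the line is being touched anyway, align it with `| First Response |` and `| Time to Triage |`.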
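Review bot: In PATCH 1/3, second hunk (`@@ -43,6 +43,15 @@`), the three "Resolved within" bullets never say when the clock starts. The table in the first hunk lists a 7-day first response and a 10-day triage, so a reader cannot tell whether "30 days" counts from the report, from triage, or from confirmation of the issue. Please state the starting event once in the intro sentence. The last bullet has a similar gap: "**90–120 days**, depending on the score" gives no mapping from score to deadline for anything below 7, so either split it into separate Medium and Low bullets or say which end of the range applies to which scores. Minor: "not strict SLA" in the closing sentence needs an article or a plural ("not a strict SLA" or "not strict SLAs").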
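Review bot: In PATCH 2/3, the replacement wording "Critical score issues", "High score issues" and "Medium or lower score issues" reads no better than the "scored" form it replaces, and it drops the term the intro sentence uses ("severity levels"). Suggest naming the severity directly, for example "**Critical severity issues (CVSS 9.0+):**", or simply "**Critical (CVSS 9.0+):**", and applying the same pattern to all three bullets.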
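Review bot: In PATCH 3/3, the added sentence now ends "aligned with the CVSS (Common Vulnerability Scoring System) scoring:", which is redundant once the abbreviation is expanded ("Scoring System scoring"). Suggest "aligned with the Common Vulnerability Scoring System (CVSS):" or "based on CVSS scores:". The sentence also does not name the CVSS version that the 9.0+, 7.0–8.9 and < 7 thresholds refer to; adding it here would make the bullets unambiguous.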