Vulnerability Disclosure Policy

1. Purpose

SecureAuth established this policy to manage security vulnerability reporting and resolution. The company commits to addressing vulnerabilities promptly while keeping customers and the broader technology community informed about identified issues in their products and services.

2. Reporting Vulnerabilities

Security researchers and customers should contact SecureAuth's Computer Security Emergency Response Team (CSERT) by:

• Submitting reports through the secure support portal at support.secureauth.com
• Using either the "Product Vulnerability Report Form" or "Service Vulnerability Report Form"
• Reporting potential security vulnerabilities in SecureAuth products or services

Important notes:

• These forms are exclusively for vulnerability reports, not technical support
• The company uses the secure portal to maintain confidentiality during sensitive exchanges
• SecureAuth aims to acknowledge all submitted reports within seven days

3. Information Distribution

SecureAuth communicates security vulnerability information through multiple channels:

• Email notifications to registered support contacts about identified vulnerabilities
• Notices and advisories typically issued when practical workarounds or fixes become available
• Public forums including newsgroups and electronic mailing lists on an ad hoc basis
• Coordination with the formal incident response community

The company reserves discretion regarding notice timing, content, and whether to issue notices at all. No particular level of response is guaranteed for any specific issue or class of issues. All procedures remain subject to change without notice and case-by-case exceptions.