Scope

This page describes when and how we release security bug fixes for our products.

Security Bugfix Service Level Agreement (SLA)

We attempt to meet the following time frames for fixing security issues.

  • Critical severity bugs  should be fixed in the product within 2 weeks of being reported.
  • High severity bugs   should be fixed in the product within 3 weeks of being reported.
  • Medium severity bugs  should be fixed in the product within 4 weeks of being reported.
  • Low severity bugs should be fixed in the product within 8 weeks of being reported.

Critical vulnerabilities

When a Critical security vulnerability is discovered Lexzur will do all of the following:

  • Inform affected clients about this vulnerability & suggest a workaround if possible.
  • Issue a new, fixed release for the current version of the affected product as soon as possible.
  • No labels