KX Product Security Incident Response and Disclosure Process
At KX, ensuring the security of our products and protecting customer data is a top priority.
KX Product Security Incident Response and Disclosure Process
This Product Security Incident Response Team (PSIRT) process outlines the steps we take to manage security incidents related to our products, and how we work with customers and partners to resolve these issues promptly. It covers the identification, assessment, response, and communication of security vulnerabilities and incidents.
Scope
This program covers all vulnerabilities found in Open Source, Third Party or KX code that has been distributed to our customers. It applies to the current release and the previous release of any KX products that have not reached end of life (EOL).
PSIRT process consists of four stages
Upon receiving a vulnerability, it will be assigned to our internal team for investigation and triage. We will work closely with you to gather additional details if needed and provide updates on the vulnerability status including the timeline for the resolution and any interim mitigation steps that can be taken to contain the vulnerability. We prioritize remediation based on the severity levels, ensuring the most critical vulnerabilities are addressed first.
Reporting Vulnerabilities
We encourage customers, security researchers, and other external stakeholders to report any potential security vulnerabilities in our products.
We ask that you provide as much detail as possible to help us reproduce and analyze the issue, including:
Description of the vulnerability
Products and versions affected
Steps to reproduce the issue
Impact on the system or data
You can report a vulnerability via:
*You will only be able to submit a support case on the KX support portal if you are a customer or an entitled user of KX product or solution.
Collaboration with Security Researchers
We highly value the contributions of the security research community and actively encourage responsible disclosure.
