©2017 by AGILIST.Ai Pty Ltd

SECURITY VULNERABILITY PROCESS

Scope

The following describes how and when we resolve security bugs in our products. It does not describe the complete disclosure or advisory process that we follow.


Security bug fix Service Level Agreement (SLA)

We have defined the following timeframes for fixing security issues in our products:

  • Critical severity bugs (CVSS v2 score >= 8, CVSS v3 score >= 9) to be fixed in product within 4 weeks of being reported

  • High severity bugs (CVSS v2 score >= 6, CVSS v3 score >= 7) to be fixed in product within 6 weeks of being reported

  • Medium severity bugs (CVSS v2 score >= 3, CVSS v3 score >= 4) to be fixed in product within 8 weeks of being reported


The following critical vulnerabilities resolution policy applies to Neelix Delivery Manager for Jira as offered via Attlassian Jira Marketplace.


Critical Vulnerabilities

When a Critical security vulnerability is discovered by us or reported by a third party, following will be untertaken:

  • Issue a new, fixed release for the cloud deployment; All clients be protected provided users reload their web browser.


Non-critical vulnerabilities

  • When a security issue of a High, Medium or Low severity is discovered, we will include a fix in the next scheduled release.

  • The only requirement is for users to refresh web browser session when the fix is advertised.


FAQ

What is the deployment solution for Neelix Task Manager?

  • Neelix backend processes operate in GCP and client is served from the AppEngine.

What is a ‘release’?

  • A  release is a version (for example 2.2.3) which contains new features or changes to existing features.