Vulnerability Management Policy
Object First follows a resilient and robust product security and vulnerability management policy.
Object First has put a heavy emphasis on the security of our products and services since the release of our first product and throughout the entire company history. We always use extensive vulnerability testing programs, conduct periodic developer training, and implement secure design principles. Object First also constantly works on improving and extending its security development policies.
Object First adheres to the following process to address vulnerabilities and inform our customers:
Our products and services are constantly and strictly analyzed for known vulnerabilities. This involves mandatory scans of all ready-to-release products and features inside the organization prior to the actual product release and delivery to the customers.
Object First makes sure to inform customers when vulnerabilities are discovered. This is achieved by automatically notifying customers who are subscribed to Object First Security updates of any vulnerability discovered. This allows our customers to always stay informed and take the appropriate actions to ensure the proper operation of their business.
Verification of the fixes
Object First always tests the fix for an identified vulnerability through a thorough QA cycle first. Once the fix has been verified, we release a private security update and notify our customers about it and about the steps required to apply it. Object First security updates are delivered separately (to subscribers or on demand), and all of them are included in general Object First build updates.
Once the resolution to the vulnerability is found, tested, and verified, we notify our customers about the resolution process and the steps required to resolve the vulnerability.
Object First security and vulnerability information-delivery methods:
- Security Notice – informs customers about the security vulnerabilities that can affect Object First products and require an upgrade or specific customer action to remediate.
- Security Bug Report – informs customers about low-level security vulnerabilities that can be resolved by a standard build upgrade procedure.
Security updates delivery
Object First as a company issues private security updates. Once notification about the potential vulnerability fix is received, a customer who is subscribed to Object First Security updates receives notice of the remediation process steps. To receive a private security update, subscribe to Object First Security updates or submit a request via the Object First support form at https://www.objectfirst.com/ with a description of the vulnerability under consideration.