Provation Security Vulnerability Reporting and Incident Management
Vulnerability Disclosure Policy & Philosophy
Provation believes that effective disclosure of security vulnerabilities requires mutual trust, respect, transparency, and a commitment to the common good between Provation and Security Researchers. Together, our vigilant expertise ensures the continued security and privacy of Provation’s customers and software solutions.
Should you find a vulnerability:
- Write a detailed report with step-by-step instructions to reproduce the vulnerability.
- Avoid disclosing the vulnerability publicly or to any third parties until the issue is resolved.
- Make a good-faith effort to ensure compliance with applicable laws and regulations regarding the privacy of Provation customer data.
- Never view, destroy, or tamper with Provation customer data that does not belong to you.
What we’ll do:
- Review your report as soon as we can.
- If we’re unable to reproduce the issue, we’ll reach out for further clarification on the vulnerability.
Product Security Incident Report Policy
Provation uses a Product Security Incident Report Policy to manage and minimize risks associated with security vulnerabilities in our software solutions. It involves:
- Vulnerability Management: Identification, assessment, prioritization, and addressing of vulnerabilities.
- Reporting Process: Encourages reports of potential vulnerabilities via a secure form.
- Escalation Procedures: A systematic approach to handling reported vulnerabilities.
- Classification and Prioritization: Based on severity and impact, using Common Vulnerability Scoring System (CVSS) scores and Provation’s ratings.
- Coordination with Stakeholders: Includes using commercial incident investigation firms and internal communication tools.
Report a Potential Vulnerability
To report a vulnerability, please click the button below. We aspire to respond to submitters in a timely manner regarding the status of the potential finding. We appreciate your patience and dedication to improving the security of products at Provation.