At Guardicore, vulnerability management begins in Product Development, where we use a variety of secure coding methods and analysis tools for vulnerability reduction. In some cases, vulnerabilities escape detection, or new types of exploits are designed after we release a product, resulting in the potential for security breaches in our customers’ environments.
Our position is that we are responsible for disclosing product vulnerabilities to our customers, but in general, no vulnerability should be announced until we have developed and thoroughly tested a patch and made it available to licensed customers. Because our products are complex, interrelated, and used under many different configurations, we cannot provide software security patches according to a set timeline.
Each issue requires investigation, resolution, localization, and testing appropriate to its complexity. Some issues can be fixed and tested very quickly. Other issues may require more time.
We do commit that our development teams treat security fixes like critical bug fixes and will work round-the-clock to deliver a sound patch if a serious vulnerability is found.