Vulnerability Disclosure Policy

runZero believes that timely and coordinated disclosure of security vulnerabilities is in the best interest of the public and our customers. runZero works with the CERT/CC organization using VINCE platform as part of our 60-day disclosure process.

  • Day 1: runZero will provide detailed information about the vulnerabilities to the appropriate party by email.
  • Day 15: runZero will share these details with CERT/CC using the VINCE platform.
  • Day 60: runZero and CERT/CC will publish an advisory containing the details the vulnerabilities.

This schedule may change to accommodate weekends, holidays, and extenuating circumstances. The resulting advisory will be published on the runZero website.

If you believe you have found a vulnerability in the runZero product or infrastructure, please refer to our security page for details on how to report this issue.

© Copyright 2024 runZero, Inc. All Rights Reserved