{"id":31983,"date":"2025-12-09T18:13:16","date_gmt":"2025-12-09T23:13:16","guid":{"rendered":"https:\/\/it-prosolution.com\/trust-center\/?page_id=31983"},"modified":"2026-04-25T23:43:30","modified_gmt":"2026-04-26T03:43:30","slug":"product-security-assurance","status":"publish","type":"page","link":"https:\/\/it-prosolution.com\/trust-center\/product-security-assurance\/","title":{"rendered":"Product security assurance"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"31983\" class=\"elementor elementor-31983\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ce8a130 elementor-section-stretched elementor-section-boxed elementor-section-height-default elementor-section-height-default wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no wpr-equal-height-no\" data-id=\"ce8a130\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;stretch_section&quot;:&quot;section-stretched&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"aux-parallax-section elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b06536b\" data-id=\"b06536b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9355790 elementor-widget elementor-widget-aux_modern_heading\" data-id=\"9355790\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"aux_modern_heading.default\">\n\t\t\t\t\t<section class=\"aux-widget-modern-heading\">\n            <div class=\"aux-widget-inner\"><h2 class=\"aux-modern-heading-primary\"><\/h2><h3 class=\"aux-modern-heading-secondary\"><span class=\"aux-head-before\">IPS Product Security Assurance &amp;<\/span><span class=\"aux-head-highlight\">Vulnerability Disclosure Policy<\/span><\/h3><\/div>\n        <\/section>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-da5f97e elementor-widget elementor-widget-heading\" data-id=\"da5f97e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Overview<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1613d17 elementor-widget elementor-widget-text-editor\" data-id=\"1613d17\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>At IPS Network Inc. (\u201cIPS\u201d), our mission is to deliver secure, resilient, and trustworthy technologies that protect modern digital infrastructures across cloud, network, data, and AI environments. Security is embedded into every stage of our product lifecycle\u2014from initial architecture to continuous operations.<\/p><p>IPS aligns its security assurance and vulnerability handling processes with globally recognized standards, including:<\/p><ul><li>ISO\/IEC 29147:2018 (Vulnerability Disclosure)<\/li><li>ISO\/IEC 30111:2019 (Vulnerability Handling)<\/li><li>FIRST PSIRT Services Framework 1.0<\/li><\/ul><p>Our commitment to transparency, responsibility, and customer protection reflects our core values: innovation, integrity, reliability, and partnership.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-158becf elementor-widget elementor-widget-heading\" data-id=\"158becf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Scope<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8ddd750 elementor-widget elementor-widget-text-editor\" data-id=\"8ddd750\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>This policy covers all IPS products and services, including:<\/p><ul><li>IPS OneSecure\u2122 Platform<\/li><li>IPS Intelligent GenAI &amp; AI Security Services<\/li><li>IPS Cloud, Network &amp; Zero Trust Solutions<\/li><li>IPS Professional &amp; Managed Services<\/li><li>Any IPS-hosted open-source projects<\/li><\/ul><p>Only products that have not reached their End-of-Life (EoL) phase fall within this scope.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9f14fc7 elementor-widget elementor-widget-heading\" data-id=\"9f14fc7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">IPS Product Security Incident Response Team (PSIRT)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-260175c elementor-widget elementor-widget-text-editor\" data-id=\"260175c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The IPS PSIRT is a dedicated team of security professionals responsible for:<\/p><ul><li>Receiving and triaging reported vulnerabilities<\/li><li>Validating, reproducing, and assessing security issues<\/li><li>Coordinating remediation with engineering teams<\/li><li>Verifying fixes and risk mitigations<\/li><li>Issuing security advisories and customer notifications<\/li><\/ul><p>The PSIRT ensures a consistent, transparent, and industry-aligned vulnerability response for all IPS products and services.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-754d72a elementor-widget elementor-widget-heading\" data-id=\"754d72a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Reporting Vulnerabilities<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c5c62b8 elementor-widget elementor-widget-text-editor\" data-id=\"c5c62b8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>IPS welcomes responsible disclosure from customers, researchers, partners, and the security community.<\/p><p>You may report vulnerabilities through the following channels:<\/p><p><strong>1. Vulnerability Report Submission Form<\/strong><\/p><p><a href=\"https:\/\/it-prosolution.com\/incident-request\/\">Follow this link<\/a><\/p><p><strong>2. Email<\/strong><\/p><p>urgent@it-prosolution.com<\/p><p>If needed, IPS can provide a PGP key to encrypt sensitive submissions.<\/p><p data-start=\"2578\" data-end=\"2614\"><strong>3. Customer Support Portal<\/strong><\/p><p data-start=\"2615\" data-end=\"2691\">Customers may submit potential issues through an authenticated support case.<\/p><p data-start=\"2693\" data-end=\"2849\">IPS respects Traffic Light Protocol (TLP) labels attached to shared information, and treats all non-public vulnerability details as highly confidential.<\/p><p data-start=\"2851\" data-end=\"2989\">To protect customers, IPS requests that reporters do not publish information publicly until IPS has validated and addressed the issue.<\/p><p data-start=\"2991\" data-end=\"3127\">For issues involving IPS corporate IT infrastructure (not IPS products), reporters may use our dedicated Responsible Disclosure channel.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d1d3df9 elementor-widget elementor-widget-heading\" data-id=\"d1d3df9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Vulnerability Response &amp; Remediation Process<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a9b2e7b elementor-widget elementor-widget-text-editor\" data-id=\"a9b2e7b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><strong>1. Acknowledgment<\/strong><\/p><p>IPS generally acknowledges reports within one business day, providing a tracking identifier.<\/p><p><strong>2. Analysis &amp; Reproduction<\/strong><\/p><p>PSIRT and engineering teams reproduce and assess the issue to determine:<\/p><ul><li>Severity<\/li><li>Impact<\/li><li>Affected products and versions<\/li><li>Customer exposure<\/li><\/ul><p><strong>3. Remediation<\/strong><\/p><p>Engineering teams work to implement, test, and validate fixes across supported versions.<br \/>Cloud-delivered services may be updated rapidly, while on-premise products follow regular release cycles.<\/p><p><strong>4. Validation<\/strong><\/p><p>PSIRT verifies that each fix fully resolves the vulnerability.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-323b114 elementor-widget elementor-widget-heading\" data-id=\"323b114\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Proactive Security Practices<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ccb4e0d elementor-widget elementor-widget-text-editor\" data-id=\"ccb4e0d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>IPS actively performs:<\/p><ul><li>Internal security assessments<\/li><li>Third-party penetration testing<\/li><li>Continuous monitoring of upstream libraries, open-source components, and third-party dependencies<\/li><li>Risk reviews during product development and maintenance<\/li><\/ul><p>This ensures early detection and mitigation of emerging threats.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ee817ed elementor-widget elementor-widget-heading\" data-id=\"ee817ed\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Secure Software Development Lifecycle<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2d714a4 elementor-widget elementor-widget-text-editor\" data-id=\"2d714a4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>IPS follows a Security-by-Design methodology, including:<\/p><ul><li>Threat modeling and secure architecture reviews<\/li><li>Code analysis and automated security testing<\/li><li>Dependency audits<\/li><li>Hardening, verification, and continuous improvements<\/li><\/ul><p>IPS\u2019s broader approach to product, infrastructure, and data security is detailed in the IPS Trust &amp; Security Program.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0f3e970 elementor-widget elementor-widget-heading\" data-id=\"0f3e970\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Response Prioritization<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dfba2e5 elementor-widget elementor-widget-text-editor\" data-id=\"dfba2e5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>IPS uses CVSS v4.0 scoring (CVSS-B \/ CVSS-BT) to prioritize remediation, considering:<\/p><ul><li>Severity<\/li><li>Exploitation potential<\/li><li>Active exploitation (\u201c0-day\u201d)<\/li><li>Customer impact<\/li><li>Public disclosure timing<\/li><\/ul><p>High-severity or actively exploited issues receive immediate priority.<\/p><p>Low-severity issues (CVSS &lt; 4.0) or improvements with no demonstrated customer impact may be addressed in future releases without requiring a formal advisory.<\/p><p>If an issue depends on third-party vendors, standards bodies, or upstream maintainers, IPS may publish mitigations and recommended configurations if no direct fix is possible.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b131b90 elementor-widget elementor-widget-heading\" data-id=\"b131b90\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Coordinated Vulnerability Disclosure<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5256162 elementor-widget elementor-widget-text-editor\" data-id=\"5256162\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\tWhen a reported issue affects multiple vendors, IPS engages in responsible multiparty coordination, following FIRST.org principles.\n\nIPS collaborates closely with researchers, partners, and affected vendors to ensure synchronized and safe disclosure.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d2938e6 elementor-widget elementor-widget-heading\" data-id=\"d2938e6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Security Advisories<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8a5f7a1 elementor-widget elementor-widget-text-editor\" data-id=\"8a5f7a1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>IPS publishes security advisories to ensure customers can take action when required.<\/p><ul><li>Advisories typically include:<\/li><li>Affected IPS products and versions<\/li><li>Severity and CVSS scores<\/li><li>Required configurations<\/li><li>Workarounds or mitigations<\/li><li>Fix availability<\/li><li>CVE identifiers (when applicable)<\/li><li>Researcher acknowledgments<\/li><\/ul><p><strong>Advisory Publication Timing<\/strong><\/p><ul><li>Critical or actively exploited issues: Published as soon as practicable.<\/li><li>Other issues: Published on a scheduled basis following availability of fixes for all supported versions.<\/li><\/ul><p>For IPS cloud services, advisories may not be published if:<\/p><ul><li>IPS fully resolves the issue internally, and<\/li><li>No customer action is required.<\/li><\/ul><p>IPS may provide maintenance logs for vulnerabilities resolved within IPS cloud infrastructure.<\/p><p>IPS participates in CVE assignment processes and adheres to CVE program operational rules.<\/p><p>Customers may subscribe to IPS Security Advisory notifications or RSS feeds.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eb51991 elementor-widget elementor-widget-heading\" data-id=\"eb51991\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Acknowledgement Policy<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-20747e9 elementor-widget elementor-widget-text-editor\" data-id=\"20747e9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>IPS values contributions from the security community.<br \/>Researchers may be acknowledged in:<\/p><ul><li>IPS security advisories<\/li><li>CVE entries<\/li><li>IPS Hall of Fame (for issues without published advisories)<\/li><\/ul><p>Acknowledgement is provided only with the reporter\u2019s consent.<\/p><p>IPS may issue bounty rewards where applicable under the IPS Bug Bounty Program.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-43f9993 elementor-widget elementor-widget-heading\" data-id=\"43f9993\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Escalation<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f6ef674 elementor-widget elementor-widget-text-editor\" data-id=\"f6ef674\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\tIf a reporter is dissatisfied with the handling of a case or has not received a timely update, escalation may be performed through IPS Customer Support.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a6d635a elementor-widget elementor-widget-heading\" data-id=\"a6d635a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Legal Notes<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b456688 elementor-widget elementor-widget-text-editor\" data-id=\"b456688\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>IPS supports good-faith security research.<br \/>If a researcher complies with IPS disclosure guidelines and acts responsibly, IPS:<\/p><ul><li>Considers the research authorized<\/li><li>Will not initiate legal action<\/li><li>Will support the researcher in case of third-party misunderstanding of authorized testing<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fb49136 elementor-widget elementor-widget-heading\" data-id=\"fb49136\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Disclaimer<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-27e7660 elementor-widget elementor-widget-text-editor\" data-id=\"27e7660\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>This policy may be updated at any time without notice.<br \/>IPS cannot guarantee specific response timelines or outcomes for individual reports.<br \/>Use of this policy or associated materials is at the user\u2019s own risk.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-611beea elementor-widget elementor-widget-heading\" data-id=\"611beea\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Change History<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-178cb67 elementor-widget elementor-widget-text-editor\" data-id=\"178cb67\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Updated: January 2025 \u2014 Policy modernization and alignment with IPS OneSecure\u2122 platform<\/p><p>Published: February 2025 \u2014 Effective immediately<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>IPS Product Security Assurance &amp;Vulnerability Disclosure Policy Overview At IPS Network Inc. (\u201cIPS\u201d), our mission is to deliver secure, resilient, and trustworthy technologies that protect modern digital infrastructures across cloud, network, data, and AI environments. Security is embedded into every stage of our product lifecycle\u2014from initial architecture to continuous operations. IPS aligns its security assurance and vulnerability handling processes with globally recognized standards, including: ISO\/IEC 29147:2018 (Vulnerability Disclosure) ISO\/IEC 30111:2019 (Vulnerability Handling) FIRST PSIRT Services Framework 1.0 Our commitment to transparency, responsibility, and customer protection reflects our core values: innovation, integrity, reliability, and partnership. Scope This policy covers all IPS products and services, including: IPS OneSecure\u2122 Platform IPS Intelligent GenAI &amp; AI Security Services IPS Cloud, Network &amp; Zero Trust Solutions IPS Professional &amp; Managed Services Any IPS-hosted open-source projects Only products that have not reached their End-of-Life (EoL) phase fall within this scope. IPS Product Security Incident Response Team (PSIRT) The IPS PSIRT is a dedicated team of security professionals responsible for: Receiving and triaging reported vulnerabilities Validating, reproducing, and assessing security issues Coordinating remediation with engineering teams Verifying fixes and risk mitigations Issuing security advisories and customer notifications The PSIRT ensures a consistent, transparent, and industry-aligned vulnerability response for all IPS products and services. Reporting Vulnerabilities IPS welcomes responsible disclosure from customers, researchers, partners, and the security community. You may report vulnerabilities through the following channels: 1. Vulnerability Report Submission Form Follow this link 2. Email urgent@it-prosolution.com If needed, IPS can provide a PGP key to encrypt sensitive submissions. 3. Customer Support Portal Customers may submit potential issues through an authenticated support case. IPS respects Traffic Light Protocol (TLP) labels attached to shared information, and treats all non-public vulnerability details as highly confidential. To protect customers, IPS requests that reporters do not publish information publicly until IPS has validated and addressed the issue. For issues involving IPS corporate IT infrastructure (not IPS products), reporters may use our dedicated Responsible Disclosure channel. Vulnerability Response &amp; Remediation Process 1. Acknowledgment IPS generally acknowledges reports within one business day, providing a tracking identifier. 2. Analysis &amp; Reproduction PSIRT and engineering teams reproduce and assess the issue to determine: Severity Impact Affected products and versions Customer exposure 3. Remediation Engineering teams work to implement, test, and validate fixes across supported versions.Cloud-delivered services may be updated rapidly, while on-premise products follow regular release cycles. 4. Validation PSIRT verifies that each fix fully resolves the vulnerability. Proactive Security Practices IPS actively performs: Internal security assessments Third-party penetration testing Continuous monitoring of upstream libraries, open-source components, and third-party dependencies Risk reviews during product development and maintenance This ensures early detection and mitigation of emerging threats. Secure Software Development Lifecycle IPS follows a Security-by-Design methodology, including: Threat modeling and secure architecture reviews Code analysis and automated security testing Dependency audits Hardening, verification, and continuous improvements IPS\u2019s broader approach to product, infrastructure, and data security is detailed in the IPS Trust &amp; Security Program. Response Prioritization IPS uses CVSS v4.0 scoring (CVSS-B \/ CVSS-BT) to prioritize remediation, considering: Severity Exploitation potential Active exploitation (\u201c0-day\u201d) Customer impact Public disclosure timing High-severity or actively exploited issues receive immediate priority. Low-severity issues (CVSS &lt; 4.0) or improvements with no demonstrated customer impact may be addressed in future releases without requiring a formal advisory. If an issue depends on third-party vendors, standards bodies, or upstream maintainers, IPS may publish mitigations and recommended configurations if no direct fix is possible. Coordinated Vulnerability Disclosure When a reported issue affects multiple vendors, IPS engages in responsible multiparty coordination, following FIRST.org principles. IPS collaborates closely with researchers, partners, and affected vendors to ensure synchronized and safe disclosure. Security Advisories IPS publishes security advisories to ensure customers can take action when required. Advisories typically include: Affected IPS products and versions Severity and CVSS scores Required configurations Workarounds or mitigations Fix availability CVE identifiers (when applicable) Researcher acknowledgments Advisory Publication Timing Critical or actively exploited issues: Published as soon as practicable. Other issues: Published on a scheduled basis following availability of fixes for all supported versions. For IPS cloud services, advisories may not be published if: IPS fully resolves the issue internally, and No customer action is required. IPS may provide maintenance logs for vulnerabilities resolved within IPS cloud infrastructure. IPS participates in CVE assignment processes and adheres to CVE program operational rules. Customers may subscribe to IPS Security Advisory notifications or RSS feeds. Acknowledgement Policy IPS values contributions from the security community.Researchers may be acknowledged in: IPS security advisories CVE entries IPS Hall of Fame (for issues without published advisories) Acknowledgement is provided only with the reporter\u2019s consent. IPS may issue bounty rewards where applicable under the IPS Bug Bounty Program. Escalation If a reporter is dissatisfied with the handling of a case or has not received a timely update, escalation may be performed through IPS Customer Support. Legal Notes IPS supports good-faith security research.If a researcher complies with IPS disclosure guidelines and acts responsibly, IPS: Considers the research authorized Will not initiate legal action Will support the researcher in case of third-party misunderstanding of authorized testing Disclaimer This policy may be updated at any time without notice.IPS cannot guarantee specific response timelines or outcomes for individual reports.Use of this policy or associated materials is at the user\u2019s own risk. Change History Updated: January 2025 \u2014 Policy modernization and alignment with IPS OneSecure\u2122 platform Published: February 2025 \u2014 Effective immediately<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-31983","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/it-prosolution.com\/trust-center\/wp-json\/wp\/v2\/pages\/31983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it-prosolution.com\/trust-center\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/it-prosolution.com\/trust-center\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/it-prosolution.com\/trust-center\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/it-prosolution.com\/trust-center\/wp-json\/wp\/v2\/comments?post=31983"}],"version-history":[{"count":1,"href":"https:\/\/it-prosolution.com\/trust-center\/wp-json\/wp\/v2\/pages\/31983\/revisions"}],"predecessor-version":[{"id":32417,"href":"https:\/\/it-prosolution.com\/trust-center\/wp-json\/wp\/v2\/pages\/31983\/revisions\/32417"}],"wp:attachment":[{"href":"https:\/\/it-prosolution.com\/trust-center\/wp-json\/wp\/v2\/media?parent=31983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}