Responsible Disclosure Policy
Arbor Networks' products are trusted to protect the world's largest, most distributed network environments. In order to maintain that trust and keep our customers safe, we investigate and respond to vulnerability reports as quickly and effectively as possible. We place a high priority on responding to any security concerns related to our products.
In the best interest of our customers and Internet users worldwide, we ask that you follow the guidelines of responsible disclosure:
- Do not publicly disclose part or all of the vulnerability until we have had a chance to investigate and address it.
- Do allow us a reasonable timeframe to respond back to you and address the vulnerability before making any information public.
- If you are customer, do patch your system as quickly as possible. It is customary to expect patching to be completed within 30 days after release of a security patch or update. We advise our customers that those who exploit security systems often do so by reverse engineering published security updates and therefore encourage our customers to patch promptly.
How to Report a Vulnerability
If you do not wish to submit your report via email, you may use our secure submission form.
To help us quickly identify and fix the vulnerability, please include the following information in your report:
- The type of vulnerability (remote code execution, XSS, information disclosure, etc.)
- The Arbor Networks product affected (including the model and version number)
- Exact steps to reproduce the issue (please include proof-of-concept code, if possible)
- Your name and contact information in order for us to publicly acknowledge your submission
- Any additional information that could be relevant.
Our Thanks to You
Arbor Networks greatly appreciates the efforts of those security researchers who identify vulnerabilities and work with us to ensure that we can develop a fix and issue it to all our customers. We thank you for going out of your way to help us minimize the risk to our customers as well as help us in our vision to improve the overall security of our products and the Internet as a whole.