Security Vulnerability Management Process - AppsFoundry

Introduction

The purpose of this Security Vulnerability Management Process is to outline a publicly documented and transparent approach to identifying, assessing, and resolving security vulnerabilities in AppsFoundry applications built on Atlassian Forge.

Roles and Responsibilities

1. Security Team: The Security Team is responsible for coordinating and overseeing the vulnerability management process, including vulnerability identification, assessment, and remediation.

2. Developers: Developers are responsible for implementing the necessary patches or updates to address identified security vulnerabilities.

Vulnerability Management Process

1. Vulnerability Reporting: AppsFoundry encourages users, customers, and security researchers to report any potential security vulnerabilities they may discover in our applications. Reports should be submitted via email to security@appsfoundry.com, providing a detailed description of the vulnerability, its potential impact, and any steps required to reproduce the issue.

2. Triage and Assessment: Upon receiving a vulnerability report, the Security Team will assess the reported vulnerability to determine its severity, scope, and potential impact on AppsFoundry applications and Atlassian Forge platform. The Security Team will prioritize vulnerabilities based on their severity and potential impact.

3. Remediation and Patching: Once a vulnerability has been assessed, the Security Team will work with developers to develop a plan for remediating the vulnerability, including the implementation of patches, updates, or configuration changes. Developers will implement the necessary fixes in a timely manner, depending on the severity of the vulnerability.

4. Verification and Testing: After implementing the remediation, the Security Team will verify that the vulnerability has been effectively addressed and conduct additional testing as needed to ensure the continued security and functionality of AppsFoundry applications.

5. Communication and Disclosure: AppsFoundry is committed to maintaining transparency and open communication about security vulnerabilities. We will notify affected users and customers of any security vulnerabilities that may directly impact their use of our applications and provide information on the remediation steps taken.

6. Continuous Improvement: The Security Team will regularly review and update the Security Vulnerability Management Process to ensure its effectiveness and adapt to any changes in the threat landscape or AppsFoundry applications.

By implementing this Security Vulnerability Management Process, AppsFoundry aims to maintain a proactive and transparent approach to managing security vulnerabilities, ensuring the protection of our applications and fostering trust with our users, customers, and security researchers.