At Context we are committed to ensuring and improving the security of our clients. Whether for clients or our own purposes, we regularly carry out independent security audits and vulnerability research against third-party software and hardware products. With the ever increasing number of vulnerabilities identified during these independent assessments, Context has elected to publish its disclosure policy that governs our approach to reporting vulnerabilities to affected vendors in order for fixes to be released.
This policy has been designed to protect our clients, vendors and users of affected products in equal measures. We believe that providing adequate time for a vendor to issue fixes for critical vulnerabilities, whilst maintaining disclosure timeframes provides the best balance for all parties involved.
We endeavour to review, and if deemed appropriate, amend this policy regularly. Please feel free to contact us for more details at ZeroDay@contextis.com.