Centric Software Vulnerability Reporting

Centric Software considers vulnerability reporting to be an important part of our information security program and values the role of independent security researchers. Responsible reporting of potential security issues is taken seriously and follows our established vulnerability disclosure procedures. This page describes the approach used to address potential vulnerabilities in Centric Software products and services.

Reporting Potential Vulnerabilities

Existing Centric Software customers are expected to use the support portal to report any issues for any product or service through https://www.centricsoftware.com/support. Security researchers willing to share suspected vulnerabilities privately may contact us directly through the Centric Software Security team email address security@centricsoftware.com. To bring value to your report and assist our teams in evaluating the suspected vulnerabilities, each report should ideally include a detailed description of the vulnerability, the perceived risk, the targeted scope and its level, POC and any supporting materials.

Evaluation Process

Centric Software will acknowledge the receipt of any non-customer vulnerability reporting within a reasonable timeframe. Customers’ reporting process is based on our support policies. All submissions will be evaluated and dispatched to the relevant teams and will be treated as strictly confidential. Protecting our customers and users is a top priority. We therefore ask that you provide us with ample time to address the security concerns and await our solution before making any public disclosures.

Scope

This program covers the Centric Software website, www.centricsoftware.com, and all Centric Software products and services.

Terms and Conditions

By submitting a report about vulnerabilities, security threats and/or workaround proposals (hereinafter, “Vulnerability Report”) to Centric Software, Inc. and/or its affiliates (hereinafter “Centric Software”):

You agree that Centric Software may use such Vulnerability Report to update and/or improve its software; products or services, and You grant to Centric Software a non-exclusive, perpetual, irrevocable, worldwide, royalty-free license, with the right to sublicense to Centric Software’s licensees and customers, under all relevant intellectual property rights, to use, publish, and disclose such Vulnerability Report in any manner Centric Software chooses and to display, perform, copy, make, have made, use, sell, and otherwise dispose of Centric Software’s and its sublicensee’s software, products or services embodying Vulnerability Report in any manner and via any media Centric Software chooses, without reference to the source. Centric Software shall be entitled to use the Vulnerability Report for any purpose without restriction or remuneration of any kind with respect to You and/or Your representatives; AND
You agree not to engage in any activity that can potentially or actually cause harm to Centric Software and/or Centric Software’s customers, users or employees; and You, therefore, agree to keep confidential and refrain from disclosing to any third party the Vulnerability Report or any information about threats and vulnerabilities of Centric Software‘s software, products or services without Centric Software’s prior written consent and, in all cases, before a fix and/or patch has been made available and communicated by Centric Software to impacted customers or users; AND

You agree to avoid and prevent any impact to the safety or privacy of anyone; AND

You agree not to engage in any activity that violates the laws or regulations of any country where (i) data, assets, or systems reside, (ii) data traffic is routed, or (iii) You are conducting research activity; AND

You agree to adhere to the applicable laws and comply with all applicable software license requirements.