...

Before planning to report a vulnerability to us, there are several items that you need to make sure are in place.

  • Apply security guidelines for Production Deployments

...

  • Do security hardening


Make sure the guidelines provided under [Security Guidelines for Production Deployment#WSO2product-levelsecurity] are properly followed. Those guidelines might mitigate the security concern you are experiencing.


  • Install existing security patches 

This is mentioned in the above guidelines as well, but we need to emphasize its importance, because the vulnerabilities that you find in a distribution downloaded from our site might have already been fixed by us. Security patches issued by us can be found at [https://wso2.com/security-patch-releases].

Warning

Before running an automated security scan or performing a penetration test, please make sure these prerequisites are done.

Responsible Disclosure of Vulnerabilities

...

Please use the following template when reporting vulnerabilities, in order to make the report useful and to help us provide a quick mitigation:

  • Vulnerable WSO2 product(s) and version(s)
  • Overview: High-level overview of the issue and self-assessed severity
  • Description: Include the steps
  • Steps to reproduce
  • Impact: Self-assessed severity and impact
  • Solution: Any proposed solution