At Saviynt we work diligently to identify and correct any security issues found in our products. Customers and the research community who believe they have identified a security issue or vulnerability in one of our products are encouraged to contact email@example.com.
Saviynt seeks to mitigate the risk associated with security vulnerabilities that may be discovered in our products. We aim to accomplish this objective by analyzing reported and discovered vulnerabilities and providing our customers with timely information, analysis, and guidance on appropriate mitigation by ensuring that our Responsible Disclosure Policy allows our customers and our affiliated research community an opportunity to notify us of security threats that may impact the safety of our customers.
Saviynt will engage with our customers and the research community when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate and fix vulnerabilities in accordance with our commitment to security and privacy. After investigating and validating a reported vulnerability, Saviynt will strive to create an appropriate remedy, if we believe a remedy is required. A remedy may take the form of:
This program is limited to Saviynt customers and affiliates.
We encourage customer and research community observations made through normal usage of our applications. If you obtain data or personal identifiable information without authorization you are required to delete all instances of that data, logically and in some cases physically. You are kindly requested to inform us of this. We ask that you also:
While we encourage you to discover and report to us any vulnerabilities you find, we expect that you will abide the law and your contractual agreements in doing so.
If you have discovered a vulnerability, please collect and send as many of the following points as possible to firstname.lastname@example.org:
After you have submitted your report, we will respond to your report as soon as possible. Vulnerability reports might take some time to triage or address and Saviynt will not disclose, discuss, or confirm security issues until our investigation is complete and any necessary updates are generally available.
Saviynt will as appropriate, publish information about security fixes in our products in the release notes.