1. Introduction
Media Wolf is committed to addressing and reporting security issues through a coordinated and constructive approach designed to provide the greatest protection for Media Wolf customers, partners, staff, and all Internet users. This policy applies to vulnerabilities discovered anywhere by Media Wolf staff and by others in Media Wolf services.
2. Reporting Security Issues
If you believe you have discovered a vulnerability in a Media Wolf service or have a security incident to report, please fill out this contact form. We appreciate the use of the Common Vulnerability Scoring System.
Once we have received a vulnerability report, Media Wolf takes a series of steps to address the issue:
- Media Wolf requests the reporter keep any communication regarding the vulnerability confidential.
- Media Wolf investigates and verifies the vulnerability.
- Media Wolf addresses the vulnerability and releases an update or patch within 90 days. If for some reason this cannot be done within this timeframe or at all, Media Wolf will provide information on recommended mitigations.
- Media Wolf publicly announces the vulnerability in the release notes of the update. Media Wolf may also issue additional public announcements, for example via social media.
- Release notes (and blog posts when issued) include a reference to the person/people who reported the vulnerability, unless the reporter(s) would prefer to stay anonymous.
Media Wolf will endeavour to keep the reporter apprised of every step in this process as it occurs. We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our services and better protect our customers. Thank you for working with us through the above process.
3. Security Issues found by Media Wolf
Once we have found a vulnerability in another vendor’s products, Media Wolf takes a series of steps to address the issue:
- Media Wolf will convene their vulnerability analysis team. This team, led by the CTO, is solely responsible for determining the severity of the vulnerability and managing the disclosure process.
- Media Wolf will keep any communication confidential regarding the vulnerability until the completion of the disclosure process.
- Media Wolf will attempt to contact the appropriate product vendor by email and telephone.
- Media Wolf will provide the vulnerability details to the vendor.
- Media Wolf will prepare and publish an advisory detailing the vulnerability at least 90 days after initial attempts at disclosure at stage 2 above, barring extenuating circumstances. This advisory will be made available to the general public via Media Wolf’s social media.