The following describes how and when we resolve security bugs in our products. It does not describe the complete disclosure or advisory process that we follow.
Open Source Consulting Inc. sets service level objectives for fixing security vulnerabilities based on the security severity level and the affected product. We have defined the following timeframes for fixing security issues in our products:
Accelerated Resolution Timeframes
Critical severity bugs to be fixed in product within 2 weeks of being verified
High severity bugs to be fixed in product within 4 weeks of being verified
Medium severity bugs to be fixed in product within 6 weeks of being verified
Low severity bugs to be fixed in product within 25 weeks of being verified
Extended Resolution Timeframes
These timeframes apply to all self-managed products of Open Source Consulting Inc..
Critical, High, and Medium severity bugs to be fixed in product within 90 days of being verified
Low severity bugs to be fixed in product within 180 days of being verified
Critical Vulnerabilities
When a Critical security vulnerability is discovered by Open Source Consulting Inc. or reported by a third party, Open Source Consulting Inc. will do all of the following:
Issue a new, fixed release for the current version of the affected product as soon as possible.
Issue a new maintenance release for a previous version.
It is important to stay on the latest bug fix release for the version of the product you are using (this is best practice).
The critical vulnerabilities resolution process does not apply to our Cloud products as these services are always fixed by Open Source Consulting Inc. without any additional action from customers.
When a security issue of a High, Medium or Low severity is discovered, Open Source Consulting Inc. will aim to release a fix within the service level objectives listed at the beginning of this document. The fix may also be backported to Long Term Support releases, if feasible.
You should upgrade your installations when a bug fix release becomes available to ensure that the latest security fixes have been applied.
Severity level of vulnerabilities is calculated based on Severity Levels for Security Issues.
We will continuously evaluate our policies based on customer feedback and will provide any updates or changes on this page.
Get started with a trial for your business
Don't struggle with our apps. Our dedicated team is always available
to help you with any concerns you may have with our products.
Get the inside scoop, previews,
news and other fun stuff.
5F, Narakium Bldg., 32, Teheran-ro 83-gil,, Gangnam-gu, Seoul, Republic of Korea
Tel.+82-2-516-0711 E-mail. atlassian_apps@osci.kr
© Open Source Consulting Inc. All rights reserved.
5F, Narakium Bldg., 32, Teheran-ro 83-gil, Gangnam-gu, Seoul, Republic of Korea
Tel.+82-2-516-0711 E-mail. atlassian_apps@osci.kr
© Open Source Consulting Inc. All rights reserved.