Security Bug Fix Policy
The following describes how and when we fix issues with defined severity in our products.
DevOpsSystem sets goals for fixing security vulnerabilities based on the severity of the vulnerability and the product affected. We have established and plan to adhere to the following timeframes for remediating security issues in our products:
Accelerated remediation timeframe. The timeframe starts after the issue and its severity is confirmed by us.
Critical bugs: will be fixed within 2 weeks in the product.
High severity bugs: will be fixed within 4 weeks in the product.
Medium severity bugs: will be fixed within 6 weeks in the product.
Bugs with low severity, will be scheduled in the next official release.
The time frame applies to all commercial products at:
https://marketplace.atlassian.com/vendors/1211202/