Report a Vulnerability

Modified on Tue, Apr 16 at 9:48 AM


If you believe you have found a security vulnerability on our product and/or its dependency managed by MathCraft Security Technologies, please submit that report and finding to us as soon as possible through email: security@mathcraft.com as well as submitting a Ticket by selecting CVE as the Ticket Category. 


Please include as much detail as you can; this will help us understand the issue and fix it quickly.


If you do not receive a response in 3 business days, please follow up as we may not have received your message. Please do not submit a ticket or follow up with MathCraft Personnel directly.


MathCraft follows the procedure of Coordinated Vulnerability Disclosure (CVD) and, to protect the ecosystem, we request that those reporting do the same.


For additional information on the CVD process, please read the following, which is Microsoft's definition of how the process works:


Under the principle of Coordinated Vulnerability Disclosure, researchers disclose newly discovered vulnerabilities in hardware, software, and services directly to the vendors of the affected product; to a national CERT or another coordinator who will report to the vendor privately; or to a private service that will likewise report to the vendor privately. The researcher allows the vendor the opportunity to diagnose and offer thoroughly tested updates, workarounds, or other corrective measures before any party discloses detailed vulnerability or exploit information to the public.

The vendor coordinates with the researcher throughout the vulnerability investigation and provides the researcher with updates on case progress. Upon release of an update, the vendor may recognize the finder for the research and privately report the issue. However, if attacks are underway in the wild, and the vendor is still working on the update, then both the researcher and vendor work together as closely as possible to provide early public vulnerability disclosure to protect customers. The aim is to provide timely and consistent guidance to customers to help them protect themselves.


We appreciate you reporting the vulnerability and thank you for your patience.