Vulnerability Reporting & Disclosure Policy

PROPRIETARY


This policy establishes mandatory requirements for reporting, handling, and disclosing security vulnerabilities affecting MathCraft Security Technologies’ products and toolkits. The objective is to ensure vulnerabilities are managed in a controlled, consistent, and compliant manner in alignment with CMMC 2.0, NIST SP 800-171, and internal information security governance. 


All vulnerability reports shall be submitted exclusively using both of the following methods:

  • Email: security@mathcraft.com
    The vulnerability remediation team is notified through the designated email channel and handles the remediation.

  • Support Portal: Submit a ticket using the Report a Vulnerability ticket form.
    Once the vulnerability is remediated, the fix is provided to the development team for inclusion in the next release cycle.


Reports should include as much technical detail as possible to support proper analysis, validation, and remediation in accordance with MathCraft’s secure incident handling procedures.


If an acknowledgment is not received within three (3) business days, reporters may submit a follow-up only through the same approved channels listed above. Direct contact with MathCraft personnel, alternative communication methods, or escalation outside of this process is not permitted.


MathCraft adheres to the principles of Coordinated Vulnerability Disclosure (CVD) to ensure the confidentiality, integrity, and availability of affected systems and data. All vulnerability handling activities are governed by formally approved security policies and procedures, which cannot be altered, bypassed, expedited, or overridden, regardless of severity or urgency.


Failure to follow this prescribed reporting process may result in delayed assessment or remediation.


MathCraft Security Technologies follows a structured Coordinated Vulnerability Disclosure process to ensure vulnerabilities are addressed responsibly and securely.


Under this model, individuals or organizations that discover potential security weaknesses report their findings directly to MathCraft's Communication Channel. This approach allows MathCraft to validate the issue, assess risk, and develop appropriate corrective actions such as patches, mitigations, or compensating controls before technical details are made public.

Throughout the investigation lifecycle, MathCraft may coordinate with the reporting party to exchange information, clarify findings, and provide status updates. Once remediation is complete, MathCraft may, at its discretion, acknowledge the contributor or document the issue in release communications.

In situations where active exploitation is identified prior to remediation, MathCraft will manage disclosure in a controlled manner to provide customers with timely, accurate guidance while minimizing risk. All disclosure decisions are governed by internal security policy and are executed to preserve system integrity, protect sensitive information, and reduce potential harm.


We appreciate you reporting the vulnerability and thank you for your patience.