Keeping our customers safe is our primary concern. Snow has a Secure Development Lifecycle to integrate security into its products from design, through development and release. However, sometimes vulnerabilities escape detection, or exploits are released after the product is already on the market.
We investigate all vulnerability reports and will implement the best course of action to protect our customers. If you are a security researcher and have discovered a security vulnerability in our products, we would appreciate your help in disclosing it to us in a responsible manner.
If you identify a verified vulnerability in compliance with our Responsible Disclosure Policy, we commit to:
- Provide acknowledgement of receipt of your vulnerability report (within 48 business hours of submission)
- Work closely with you to understand the nature of the issue and work on timelines for fix/disclosure together
- Notify you when the vulnerability is resolved, so that it can be re-tested and confirmed as remediated
- Publicly acknowledge your responsible disclosure (if you wish)
Please contact us via firstname.lastname@example.org.
Snow CIO and General Counsel reviews our Vulnerability Disclosure policy from a legal and operational perspective on a yearly basis.