Security Bug Fix Policy

Applicable to all Smart Checklist for Jira.Pro versions: Cloud, Server, and Data Center

Last updated: 21 August 2023

Introduction

The Security Bug Fix Policy (“Policy”) is intended to communicate to all Railsware Products Studio LLC. (“TitanApps”) free evaluation users (“Users”) and paid customers (“Customers”) the process that we follow when resolving security bugs in our products. This Policy does not provide details about the complete disclosure and advisory process that we follow. Refer to the Security Breach Policy for further details.

Categories of Vulnerability Issues

At our company, we split all vulnerability issues into several categories:

Critical severity




Critical severity issues allow an attacker to:

  • Compromise servers or infrastructure devices

  • Exploit the vulnerability in a straightforward way, without any special authentication credentials or knowledge about individual victims



These issues are marked as Priority-0 and assigned to be fixed within 4 weeks of being reported.

High severity




High severity vulnerabilities are difficult to exploit. They allow an attacker to gain elevated privileges and can result in significant data loss or downtime.


These issues are marked as Priority-1 and assigned to be fixed within 6 weeks of being reported.

Medium severity




Medium severity vulnerabilities allow an attacker to:

  • Exploit the vulnerability while residing on the same local network as the victim

  • Manipulate individual victims via social engineering tactics

  • Gain very limited access to data and resources

  • Exploit the vulnerability only if they have user privileges

 

These issues are marked as Priority-2 and assigned to be fixed within 8 weeks of being reported.

Low severity

Low severity vulnerabilities are usually bugs that would normally be a higher severity, but which have extreme mitigating factors or highly limited scope.

 

These issues are marked as Priority-3 and assigned to be fixed within 10 weeks of being reported.


The best practice for Users and Customers is to stay on the latest bug fix release for the version of Smart Checklist for Jira.Pro you are using. For example, if you are using Smart Checklist for Jira.Pro 4.7.0, you should upgrade to the latest version of the product proactively.

Non-critical vulnerabilities

When a security issue of High, Medium, or Low severity is discovered, we will include a fix in the next scheduled release.

Users and Customers should upgrade their installations when a bug fix release becomes available to ensure that the latest security fixes have been applied.

Other information

We will continuously evaluate our policies based on customer feedback and will provide any updates or changes on this page.