How to Report Security Vulnerabilities to MDaemon Technologies
If you are an MDaemon Technologies customer or partner, please use your designated support mechanism (Request Support Form) to submit a service request for any security vulnerability you believe you have discovered in an MDaemon Technologies product. If you are not a customer or partner, please email support@help.mdaemon.com about your discovery with the following information:
- Version of the software being tested
- Sufficient details of the vulnerability to allow it to be understood and reproduced
- Requests and responses, HTML snippets, screenshots or any other supporting evidence
- Proof of concept code (if available)
- The impact of the vulnerability
MDaemon Technologies values the members of the independent security research community who find security vulnerabilities and work with us so that security fixes can be issued to all customers, but please note that we do not pay for vulnerability reports. MDaemon Technologies' policy is to credit all researchers in any Critical Patch Update documentation when a fix for the reported security bug is issued. In order to receive credit, security researchers must follow responsible disclosure practices, including:
- They do not publish the vulnerability prior to MDaemon Technology releasing a fix for it
- They do not divulge exact details of the issue, for example, through exploits or proof-of-concept code
MDaemon Technologies does not credit employees or contractors of MDaemon Technologies and its subsidiaries for vulnerabilities they have found.