A Security Vulnerability is a weakness at the network services, operating system, or application level, or within associated functions of networks, computer systems, or software that could allow a Security Incident to occur. Security Vulnerability also includes physical vulnerabilities to the premises containing or permitting access to Kutubi.AI or Customer Sensitive Data.
Any party with knowledge of security vulnerability can report them to firstname.lastname@example.org The engineering department will monitor the above email address and will be responsible for triaging incoming vulnerability reports.
When an incoming vulnerability report is available, the responsible team will classify the risk as Critical Risk, High Risk, Medium Risk or Low Risk in accordance with its Infosec Risk Management guide.
The time-frame for correcting the vulnerability will be based on the above classification of the risk assessment.
Within commercially viable options, a critical risk will be attempted to be corrected within 24 hours of the report, a high risk within 48 hours, medium risk within 7 calendar days and low risk within 30 calendar days.