Bug Fix Policy
The following describes how and when we resolve security bugs in our products. It does not describe the complete disclosure or advisory process that we follow.
Security bug fix Service Level Objectives (SLO)
Realigned Technologies sets service level objectives for fixing security vulnerabilities based on the security severity level and the affected product. We have defined the following timeframes for fixing security issues in our products:
Resolution TimeframesThese timeframes apply to all of our products, and any other software or system that is managed by us, or is running on Realigned Technologies infrastructure.
- Critical severity bugs to be fixed in product within 1 weeks of being verified
- High severity bugs to be fixed in product within 2 weeks of being verified
- Medium severity bugs to be fixed in product within 4 weeks of being verified
- Low severity bugs to be fixed in product within 12 weeks of being verified
When a Critical security vulnerability is discovered by Realigned Technologies or reported by a third party, Realigned Technologies Ltd will deliver a bugfix release in accordance with the resolution timeframes described above.
A bugfix release will always follow the newest version of the product. It is not recommended to use older versions of the product for any reason. We will inform customers about critical vulnerabilities via email, and if a bugfix release is announced, customers should upgrade to the newest version immediately.
The critical vulnerabilities resolution process does not apply to apps built for Atlassian Cloud products as these services are always updated by Realigned Technologies without any additional action from customers.
In order to fix critical vulnerabilities within the short timeframe described above, Realigned Technologies Ltd may temporarly limit or disable app functions affected by the vulnerability.