As described in the Zimbra Responsible Disclosure Policy, it is critical that the Reporter please use the following techniques to report the vulnerability responsibly and securely via encrypted mechanisms.

In order to fix and communicate the vulnerability safely to the greatest number of commercial and open-source sites, Zimbra seeks to build a partnership with its Researchers to identify, verify, patch and release software in such a way as to allow sites to be protected against a vulnerability prior to the release of public information on the vulnerability.

In turn, when the Zimbra Responsible Disclosure Policy is followed by the Reporter, Zimbra will acknowledge the Reporter of the found vulnerability on the Zimbra Security Center.

Reporting Vulnerability Securely to Zimbra

The following methods are acceptable methods of reporting issues securely via encrypted mechanisms:

Email can be used for reporting vulnerabilities, but the following steps must be followed:
- Reporter will notify that a vulnerability has been identified.
- Within seven business days of initial contact by the Reporter, Zimbra should promptly acknowledge, with a personal response rather than an automated message, that it has received the report and is requesting additional details.
- Reporter will email the additional details using an encrypted mechanism (see below).
- Zimbra will confirm the receipt of the details, and will verify and proceed with the vulnerability response, as defined in the Zimbra Responsible Disclosure Policy.

Our recommended approach for email is to encrypt the details using Zimbra Security's public PGP/GPG key:
Current Key: pub rsa3072/7854ABC9 Zimbra Security
This key is also available at this Zimbra URL:

The following details should be included in the encrypted email contents:
- All technical information and related materials the Vendor would need to reproduce the issue.
- Complete revision information, including his or her implementation’s current version or patch level, and a description of the technology’s environment (e.g. hardware, configuration, other applications installed, relevant details about the network topology, firewall rules, and anything else that may be of use).

Vulnerabilities can also be added directly by Reporter to the Zimbra public Bugzilla system. If reporting via Bugzilla, please be sure that the bug is set to "Make bug visible only to reporter and Zimbra":
- File bug at (Reporter will need to create an account on that system if they do not already have one - creating an account can be performed via self-service).
- Select the correct product, Zimbra Collaboration ("ZCS") or Zimbra Desktop ("ZD").
- Select the Version and Component - as appropriate.
- Select "Make bug visible only to reporter and Zimbra".
- Include reproduction details and/or exploit proof-of-concept.

For Supported Customers/Partners, open a Support Case with Zimbra Support at or by sending email to support zimbra com.

Notify Zimbra via email at that the bug has been filed and provide the bug number.

Reporter may report the issue directly to a responsible Coordinator, such as CERT.