Security Notifications

Vblock Systems are highly integrated converged infrastructures that comprise of multiple components. As such, when a security vulnerability is reported, VCE acts swiftly as the central point of contact for third party components – assessing the impact of each issue on the Vblock System as a whole. This requires thorough investigation, coordination, arriving at a resolution and testing appropriately. As a result, developments teams on both sides are working together expediting security fixes, treating them as ‘priority 1 issue’ and often work around the clock to deliver a patch.

While VCE is responsible for disclosing security vulnerabilities to customers, vulnerabilities will not be made public until initial reports have been investigated and validated, patches have been developed and thoroughly tested, and customers with maintenance contracts have been notified and given the chance to take recommended corrective actions.

Reporting Vulnerabilities

If you identify a security vulnerability in a VCE product, please report the problem immediately. Timely identification of security vulnerabilities is critical to eliminating potential threats.

Send vulnerability reports via e-mail to [email protected]. Or, if you prefer, contact VCE support via phone.

VCE is interested in working with both customers and external security researchers and will give credit to those who follow responsible disclosure practices. Responsible security researchers understand that the customer’s security is paramount, so they work with VCE’s Product Security team to make sure a patch is available, and that customers have had adequate time to deploy the patch, prior to discussing the vulnerability in public forums or releasing code. During this process, we commit to maintaining open communications channels with the finder of the vulnerability. VCE appreciates and respects the potential commercial and/or reputational importance timely disclosure may have for the finder.