Who is this article for?
CrashPlan for Small Business, yes.
Code42 for Enterprise, yes.
Link: Product plans and features.
Code42 investigates all reports of security vulnerabilities affecting Code42 products and services. If you believe you've found a Code42 security vulnerability, we'd like to work with you to investigate it.
The Code42 security team does not provide technical support. If you need help with something other than reporting a potential security vulnerability, contact our Customer Champions for Code42 for Enterprise support or CrashPlan for Small Business support.
Information to include
To help us better understand the nature and scope of the potential vulnerability, include as much of the following information as possible:
- Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
- Product and version that contains the issue
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue on a fresh install
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker could exploit the issue
How to contact us
To report a potential security vulnerability, email us at firstname.lastname@example.org.
We recommend that you encrypt your message with our PGP key. To view and copy our public key, expand the following section.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 mQENBFwvjOABCACbMCul+1FZiLZ+ugwzwCy4DvQFzbh4RxoGPMAh5JYqPBXT0VMA iF9itJwbMNPMAP0j/IlarbCqTpnAs/1pupIqn8Ex5LWPHxkMATJxeSsp5CUeTv9u 4yL+MDdTBIe19lHZ1aJzqwnM/h9/7Jvtx2K6PrNCIGNU6JjJOwqwc48+OAd/KOUg GyPekXxOoSD3N3W85p4fxZdBy5HjIYumjLFNOS1AJu35aVL/yDEMP0WrnTNB2qD1 h5MB54btuj4CdhM5Q1Rcz+vjeYK10nTge4gtTqLyL0DIZ2d1VorCP8nxkz51bwmi C9MmVYNuF/KiFzjx3D7XzJ3nLkXAignOC+13ABEBAAG0HUNvZGU0MiBCdWdzIDxi dWdzQGNvZGU0Mi5jb20+iQE3BBMBCAAhBQJcL4zgAhsDBQsJCAcCBhUICQoLAgQW AgMBAh4BAheAAAoJEJWOka7v4rbDLEYH/RsFfznbev2LHaVqg8o9/3GawLknMUo+ fWEKDYU4J0kHInFxftIMUxmg4EhFWd0klM0cAFyljUIiETr+EN0v9tAqymy/wskL TPR0UzZRS3zFcUC5fuhIelgHev05vgYl7kfqUgbMhkMj0MxHJpNByqLJveOzJNmk JEm5MVlJwSZT1oa0GugBKbYlbbxnmCmeSB3eiKxk6SUPnpMvUi+HNdO3+kFTnTNv +GGXl40OvPKvAwC5cm1duvezjebKZ8/m/wizR23ixiEYoB37qgSxI7GzpIwkvu/K Krxeg3Zpc6hPVZg7xichGAM5WvEki3CXIxb9iCxQKuB573ncnbLulfi5AQ0EXC+M 4AEIANDfiA1evoC1tKWAC5vxsBe4Nf7fpQ7jSj2q0CQJRECeJFnkXj0u/D8DFIsC 9wN/tmrPOGlAsww3nvNAitYw/UgMufjuU5SHn0mCt6JVjcW2VtVJpjsr59uCfbqR ybJ8EBRrZFH+hDrvcYUICABSlkgtgAHt62MSPkIhnm99L+BxFybzuEtmgy+gvMU9 ieT8JlOBPt59yExTowkgFoi5qa4Zvzm8VmrZOeOnNmh9Arks3kxbRx68NXNW7n0M 4hWFZrSzUHWK6qixhlijkTOHE+2nN3AvolB6evEd1xlhxs4ah/R7lr9k+6axuVnz AV8oF5Fi5e14YtapSnQ0NA2e3CEAEQEAAYkBHwQYAQgACQUCXC+M4AIbDAAKCRCV jpGu7+K2w9eQB/9z6uHm2Z7Irwm0l1EwRxrj1kkEg7zMbwWEiQ70R7V1ulRbl/BM EfxBttqQJCab3Am0coKV6RQ1fCKgkY5zQoemfkCzKomKM6aeYFa8+TpzCcjx8Ars 16GoOorvSTGlLFTtcXFLjg46LkgeKvixnEee1dZysgcDPHe4ph0M1A5uXlz+PemJ /+xtloFox/dQdqbHuWAMlfTjF8LkOQFBrZNXrCNpsr1Jb+kihqDURKZT7Ihm/B5E ejJR7uF4Zt/zyqNd/SuAEMnmLhjDR/rBoui4Ww/4cb/NpUdR0g4shhpHKfIzwAGO qsJBlqr76mv0w2WitncOH8yvr+3WZaFSwYoJ =H//V -----END PGP PUBLIC KEY BLOCK-----
What happens after I contact Code42?
When Code42 receives a vulnerability report, we triage it to determine if we should open a more in-depth investigation.
If we confirm that a report has identified a security vulnerability, Code42 takes the following steps:
- We create a patch or update that fixes the security vulnerability in our product.
- We inform our customers about the security vulnerability and how to remedy it. To protect the security of our customers, we don't publish a security advisory until a vulnerability has been fully investigated and a patch or update is available that resolves the issue.
- Once Code42 customers have had time to remedy the security vulnerability, we publish a security advisory to the public in the following locations: