Who is this article for?

CrashPlan for Small Business, yes.

Code42 for Enterprise, yes.

Report a security vulnerability to Code42

Overview 

Code42 investigates all reports of security vulnerabilities affecting Code42 products and services. If you believe you've found a Code42 security vulnerability, we'd like to work with you to investigate it.

Contact Customer Champions for technical support
The Code42 security team does not provide technical support. If you need help with something other than reporting a potential security vulnerability, contact our Customer Champions for Code42 for Enterprise support or CrashPlan for Small Business support.

Information to include

To help us better understand the nature and scope of the potential vulnerability, include as much of the following information as possible: 

  • Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
  • Product and version that contains the issue
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue on a fresh install
  • Proof-of-concept or exploit code
  • Impact of the issue, including how an attacker could exploit the issue

How to contact us

To report a potential security vulnerability, email us at bugs@code42.com.

We recommend that you encrypt your message with our PGP key.

What happens after I contact Code42?

When Code42 receives a vulnerability report, we triage it to determine if we should open a more in-depth investigation. 

If we confirm that a report has identified a security vulnerability, Code42 takes the following steps:

  1. We create a patch or update that fixes the security vulnerability in our product.
  2. We inform our customers about the security vulnerability and how to remedy it. To protect the security of our customers, we don't publish a security advisory until a vulnerability has been fully investigated and a patch or update is available that resolves the issue.
  3. Once Code42 customers have had time to remedy the security vulnerability, we publish a security advisory to the public in the following locations:

If you want to be notified when Code42 identifies a security vulnerability, sign up for email notifications.