Code42 investigates all reports of security vulnerabilities affecting Code42 products and services. If you believe you've found a Code42 security vulnerability, we'd like to work with you to investigate it.
The Code42 security team does not provide technical support. If you need help with something other than reporting a potential security vulnerability, contact our Customer Champions for support.
Report a security vulnerability
To help us understand the nature and scope of the potential vulnerability, complete the following form with as much information as possible. When you're done, click Report Vulnerability to submit your report to Code42.
What happens after I report a vulnerability?
When Code42 receives a vulnerability report, we triage it to determine if we should open a more in-depth investigation.
If we confirm that a report has identified a security vulnerability that meets our CVE criteria, Code42 takes the following steps:
- We create a patch or update that fixes the security vulnerability in our product.
- We inform our customers about the security vulnerability and how to remedy it. To protect the security of our customers, we don't share information about a vulnerability until it has been fully investigated and a patch or update is available that resolves the issue.
- We publish a security advisory to the public in the following locations:
If you want to be notified when Code42 identifies a security vulnerability, navigate to the Code42 email preferences page and check the box "Common Security and Vulnerability Reports" in the preferences form.