Vulnerability Disclosure Policy

Revised September 2018

1. Purpose

This policy establishes the requirements for reporting and resolving security vulnerabilities. We are committed to resolving vulnerabilities to meet the needs of our customers and the broader technology community. This document describes policy for receiving reports related to potential security vulnerabilities in our products and services and the company’s standard practice with regards to informing customers of verified vulnerabilities.

2. When to contact the security emergency response team

Contact SecureAuth’s Computer Security Emergency Response Team (CSERT) by submitting a request via our secure support web portal at using the “Product Vulnerability Report Form” or the “Service Vulnerability Report Form” in the following situations:

•You have identified a potential security vulnerability with one of our products; or

•You have identified a potential security vulnerability with one of our services.

After your report is received, the appropriate personnel will contact you to follow-up.

To ensure confidentiality, we strongly encourage you to use the secure support web portal to exchange any sensitive information updates related to the report.

The “Product Vulnerability Report Form” and “Service Vulnerability Report Form” are intended ONLY for the purposes of reporting product or service security vulnerabilities. They are not for technical support information on our products or services. For technical and customer support inquiries, please submit a request using the applicable service ticket type.

We attempt to acknowledge receipt to all submitted reports within seven (7) days.

3. When to contact the security emergency response team

Technical security information about our products and services is distributed through several channels.

a. We distribute information to customers about security vulnerabilities via e-mail to registered support contacts as defined in our support policy. In most cases, we will issue a notice when we have identified a practical workaround or fix for the particular security vulnerability though there can be instances when we issue a notice in the absence of a workaround when the vulnerability has become widely known to the security community.

b. Because each security vulnerability case is different, we can take alternative actions in connection with issuing security notices or Advisories. We may determine to accelerate or delay the release of a notice or not issue a notice at all. We do not guarantee that security notices will be issued for any or all security issues that customers may consider significant or that notices will be issued on any specific timetable.

c. Security-related information may also be distributed by us to public newsgroups or electronic mailing lists. This is done on an ad hoc basis, depending on how we perceive the relevance of each notice to each particular forum.

d. We also work with the formal incident response community to distribute information. Many security notices are distributed by various independent advisory groups at the same time that they are sent through our information distribution channels.

All aspects of this process are subject to change without notice, as well as for case-by-case exceptions. No particular level of response is guaranteed for any specific issue or class of issues.

SecureAuth Identity Platform Adaptative Authentication

Identity and Access Management

Empower your digital initiatives with secure access for everyone and everything connecting to your business

Product Features

Adaptive Authentication

Extend verification of a user identity with contextual risk checks

Multi-Factor Authentication

Leverage a broad portfolio of authentication factors for desktop and mobile

Intelligent Risk Engine

Protect your identities with advanced risk profiling analytics

Single Sign-On

Provide app discovery and one-click login through portal or desktop SSO

User Lifecycle Management

Enable admins with strong CRUD capabilities and users with self-service tools

Secure All Identities


Customer Identities

Deliver a frictionless customer experience safeguarding user data and privacy


Workforce Identities

Govern and control access rights for employees, partners, and contractors

SecureAuth Authenticate App

Passwordless MFA client with
Symbol-to-Accept. Stronger security.

Moving Beyond Passwords

Learn how passwords alone no longer provide the appropriate level of protection, nor confidence, required to secure valuable resources


Passwordless Authentication

Reduce the risk of breaches by eliminating passwords

2FA is Not Enough

Block popular phishing and brute force attacks used by bad actors

Protecting Office 365

Extend adaptive authentication and flexible MFA to all apps including Office 365

Securing Portals and Web Apps

Balance strong security and an exceptional user experience

RSA Migration

Transition to a modern identity and access management solution



Financial Services


Energy and Utilities

Public Sector


White Papers


Recorded Webinars

Analyst Reports

Innovation Labs


Support Portal

Events & Webinars



Calculate Your Savings

Lower support costs by enabling your users the control to reset passwords, account unlocks, device enrollment and update profiles

Meet SecureAuth

About SecureAuth