Zimbra strongly recognizes that its collaboration and community software platforms hold highly valuable user data and are commonly directly connected to the Internet. We greatly value high security standards and prioritize testing for and fixing security issues in our core and third-party software components.
Zimbra is deeply committed to preventing security breaches that can have a direct and deep impact on all of the following:
Zimbra utilizes a Vulnerability Life Cycle workflow based on the NIAC nine-step vulnerability life cycle [reference: [NIAC Vulnerability Disclosure Framework, National Infrastructure Advisory Council, Jan 2004, http://www.dhs.gov/xlibrary/assets/vdwgreport.pdf]:
When a vulnerability is reported and verified on Zimbra products, Zimbra will use reasonable efforts to quickly fix the reported vulnerability. A fix may take one or more of these forms:
For Critical security vulnerabilities, Zimbra will prioritize and release a fix at first opportunity. When a release or patch for a Critical or Major vulnerability becomes available, Zimbra will notify its customers by the following means:
Powered by Zimbra