Skip to main content

Vulnerability Management Process

Eve avatar
Written by Eve
Updated this week

Introduction

The purpose of this document is to outline the 3Floorsup Pty Ltd ("3Floorsup") Vulnerability Management Process.

The goal of this process is to ensure that vulnerabilities in Maintainly-branded software and systems are identified and remediated in a timely and effective manner. This process will also ensure that our customers are notified of any vulnerabilities that may impact their use of our services.

Vulnerability Management Process

  1. Vulnerability Identification

    The first step in our Vulnerability Management Process is to identify potential vulnerabilities in our software and systems. This is done through various methods, including internal automated and manual testing, external security audits, automated scanning tools and via the Maintainly Bug Bounty Program.

  2. Vulnerability Assessment

    Every potential vulnerability is identified and registered in Maintainly's issue tracking register. It is then assessed to determine the level of risk it poses to software and systems. This assessment will consider factors such as the likelihood of exploitation, type of data potentially impacted and the potential impact on customers and partners alike.

  3. Vulnerability Prioritisation

    After the vulnerability has been assessed, it will be prioritised based on the level of risk it poses. High-risk vulnerabilities will be addressed immediately (within 8 hours) while lower-risk vulnerabilities may be addressed during routine maintenance cycles (within 30 days).

  4. Vulnerability Remediation

    The next step is to remediate the vulnerability. This may involve patching software, updating configurations, or implementing new security controls. Once the remediation is complete, the vulnerability will be retested to ensure that it has been properly addressed.

  5. Customer Notification

    If a vulnerability is identified that may impact our customers, we will notify them as soon as possible. This notification will include details of the vulnerability, the potential impact on their use of our services, and any steps they can take to mitigate the risk.

  6. Vulnerability Tracking

    All vulnerabilities will be tracked through our vulnerability management system. This system will ensure that vulnerabilities are properly prioritized, remediated, and retested.

  7. Continuous Improvement

    Our Vulnerability Management Process will be regularly reviewed and updated to ensure that it remains effective and efficient. This may involve changes to our testing methodologies, security controls, or notification procedures.

The 3Floorsup Vulnerability Management Process is a critical component of our overall security strategy. By identifying and remediating vulnerabilities in a timely and effective manner, 3Floorsup can reduce the risk of security incidents and protect our customers and business. This process will be regularly reviewed and updated to ensure that it remains effective and aligned with industry best practices.

Did this answer your question?