Teradici delivers products that offer the best quality and reliability. The Teradici Product Security Team supports this by helping to resolve security issues identified in Teradici products by security researchers, partners, or customers.
The Teradici Product Security process consists of four stages, which are based on the FIRST framework:
A potential vulnerability is reported to Teradici Product Security.
Teradici Product Security cooperates with the relevant Teradici development team to investigate and reproduce the vulnerability. Teradici Product Security performs internal vulnerability handling in collaboration with the responsible development groups. CERT teams of our customers may be notified about the problem upfront. During this time, regular communication is maintained between Teradici Product Security and the reporting party.
After the issue is analyzed, it is defined if a fix or mitigation is necessary to address the vulnerability. To the extent possible, the Teradici Product Security will work with the reporting party to verify and review fixes.
Corresponding fixes will be developed and prepared for distribution.
The Teradici Product Security team in conjunction with the reporting party will create a disclosure schedule. If public disclosure of the vulnerability is agreed upon, the Teradici Product Security team will release a Teradici Security Advisory at advisory.teradici.com in coordination with the reporting party's potential publication plans.
A security advisory usually contains the following information: