Teradici Product Security

Vulnerability Management Process.

Overview of the Teradici Product Security processes

Teradici delivers products that offer the best quality and reliability. The Teradici Product Security Team supports this by helping to resolve security issues identified in Teradici products by security researchers, partners, or customers.

The Teradici Product Security process consists of four stages, which are based on the FIRST framework:


Discovery

A potential vulnerability is reported to Teradici Product Security.

Triage

Teradici Product Security cooperates with the relevant Teradici development team to investigate and reproduce the vulnerability. Teradici Product Security performs internal vulnerability handling in collaboration with the responsible development groups. CERT teams of our customers may be notified about the problem upfront. During this time, regular communication is maintained between Teradici Product Security and the reporting party.

Remediation

After the issue is analyzed, it is defined if a fix or mitigation is necessary to address the vulnerability. To the extent possible, the Teradici Product Security will work with the reporting party to verify and review fixes.

Corresponding fixes will be developed and prepared for distribution.

Disclosure

The Teradici Product Security team in conjunction with the reporting party will create a disclosure schedule. If public disclosure of the vulnerability is agreed upon, the Teradici Product Security team will release a Teradici Security Advisory at advisory.teradici.com in coordination with the reporting party's potential publication plans.

A security advisory usually contains the following information:


Find out about the Teradici Responsible Disclosure Policy