If you have identified a security vulnerability in system or product please RayVentura with your findings. We strongly recommend using our PGP key to prevent this information from falling into the wrong hands.

Upon receipt of a security report the following steps will be taken:

• Acknowledge your report within 48 hours, and provide a further more detailed update within 48 hours.
• Confirm the problem and determine the affected versions
• Keep you informed of the progress towards resolving the problem and notify you when the vulnerability has been fixed.
• Audit code to find any potential similar problems.
• Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
• Handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.

Whilst the issue is under investigation

• Do provide as much information as possible.
• Do not exploit of the vulnerability or problem you have discovered.
• Do not reveal the problem to others until it has been resolved.