This document describes the timeframes that we try our best to follow, while fixing security vulnerabilities.
Please note that these timeframes do not constitute as SLAs but rather targets we set for planning our work.
This is v1 of the document dated 28 July 2020
Targets for Fixing Security Vulnerabilities
Security vulnerabilites should be fixed in the timeframes below, starting when the vulnerability is reported and confirmed.
| Severity | Cloud Apps | Server & Data Center Apps |
|---|---|---|
| Critical | 2 weeks | 4 weeks |
| High | 4 weeks | 12 weeks |
| Medium | 8 weeks | 18 weeks |
| Low | 26 weeks | 26 weeks |
For details on vulnerability classification, see Severity Levels for Security Issues.