Responsible Disclosure Policy
Background
Aderant takes all security vulnerabilities that potentially impact our products, services, and customers seriously. We would like to collaborate with you to investigate, verify, and remediate potential issues. If you need to contact Aderant about a security issue with one of our products or services and do not have access to the Aderant Customer Support Portal, please use the email address [email protected].
Reporting Responsibilities
Individuals and organizations reporting potential security issues have the following responsibilities:
- Provide a detailed, specific, complete, and accurate submission;
- Include contact information so that Aderant can respond to the issues, as needed; and
- Handle the submission and any vulnerabilities as confidential information.
Individuals and organizations should not:
- Divulge vulnerabilities or security issues to any third party until public disclosure is mutually agreed upon with Aderant;
- Break any national, state, or local laws;
- Put Aderant employees, clients, code, or data at risk of compromise or deletion;
- Perform any unsolicited or unauthorized security testing of Aderant-hosted information systems that may result in denial of service (DoS) conditions or disrupt routine operations; or
- Attempt physical access to Aderant facilities or social engineering targeting Aderant employees or subcontractors.
Aderant Response
Once a security report is verified, Aderant will respond and coordinate with you through resolution. Please refrain from posting details publicly to ensure that Aderant has enough time to develop and test any patches and customers have sufficient time to remediate.
We do not currently offer financial compensation for vulnerability reports (i.e., a “bug bounty”). If you adhere to the responsibilities and guidelines in this policy, we will not pursue or support legal action related to your good-faith security observations or research.
Disclosure
If any of the content you plan to submit contains sensitive information that requires additional protection, please contact us via the support portal or the notification email address, and we will provide an SFTP link for the secure upload of supporting documentation.
Your submission to Aderant should include the following details:
- Product and version;
- A clear description of the vulnerability with supporting evidence (e.g., logs, screen captures, system responses);
- Steps necessary to reproduce the vulnerability or issue;
- The operating systems and versions in use when identifying the vulnerability;
- Relevant IP addresses or URLs;
- Your assessment of the exploitability and associated impact of the issue; and
- Contact information and preferred method of contact.