Security Disclosure Policy

DataViz appreciates investigations into security vulnerabilities when they are carried out by well-intentioned, ethical security researchers. We follow the practice of responsible disclosure in order to best protect DataViz’s customers from the impact of security issues.

We promise to respond to and fix security issues in a timely manner, depending on the severity and risk that the issue represents.  We will also let our customers know when these issues present a real security threat to them.

If you do find a security vulnerability in any of DataViz’s products, we ask that you disclose it to us responsibly by emailing support@dataviz.com.  We ask that you not discuss potential vulnerabilities in public without validating with us first.

On receipt of a security issue, our team will:

  • Review and verify the issue
  • Respond with confirmation or questions
  • Report back when the security bug has been addressed. We will notify the person who reported the vulnerability, who is then welcome to optionally disclose publicly.

While DataViz does not have a bug bounty program at the moment, we greatly appreciate your bringing any issues to our attention.

 

***** Thank You from DataViz ****

DataViz would like to thank the following security professionals for their past reports and help in tracking down issues.

Julien Thomas of the Protekoid Project (https://www.protektoid.com/)

  • June 2019: Docs To Go for Android vulnerability with the ContentProviderAPI. Fixed in version 4.003.1568 (Sep 2019)