ManageEngine takes utmost care in delivering highly secure products. ManageEngine Security Response Center (MESRC) attempts to monitor, identify, investigate, resolve and respond to security vulnerabilities related to its products.
As part of our quest for security, the MESRC keeps monitoring the various security forums, including the US-CERT, National Vulnerabilities Database, Bugtraq and others to identify any vulnerabilities reported on ManageEngine products or on the third-party software bundled with ManageEngine's products.
Apart from keeping vigil on vulnerabilities on our own, MESRC highly encourages ManageEngine customers, prospects and security specialists/researchers who believe they have found a security vulnerability with any of its products, to report the same to MESRC. Vulnerabilities can be reported to MESRC at https://bugbounty.zoho.com/. For more information about vulnerability reporting, please contact firstname.lastname@example.org.
After getting information about a vulnerability, MESRC, through the respective product experts, validates the claims, investigates the cause and takes up remedial measures and fixes. Once the remedy is ready, it is provided as a service pack/patch to all customers following the usual support process.
As far as vulnerabilities related to the third-party software bundled with ManageEngine products, responding to the reported vulnerabilities will depend on the responsiveness of the corresponding third-party software.
The usage, support and maintenance of ManageEngine products are governed purely by the respective license agreement between ManageEngine and the customer. The information about MESRC in this page does not modify or enlarge the license agreement in any manner. Any information on any vulnerability about any of the ManageEngine products, as reported to MESRC shall become the sole information of ManageEngine.