IMPORTANT NOTICE: Milestone software does not use the Spring framework, and is not affected by CVE-2022-22965
Fighting Cybercrime 24/7
A Product Security Incident Response Team you can count on.
Encountered a potential security vulnerability in any of Milestone’s supported products?
Milestone PSIRT
Cyber attackers take no breaks, so keeping your video management solution safe is a continuous joint effort. The Milestone Product Security Incident Response Team (PSIRT) manages the receipt, investigation, internal coordination, and disclosure of security vulnerability information related to Milestone products. On top of our ongoing procedures aimed at security investigation, mitigation, and disclosure, we encourage security researchers, customers, and partners to report any potential security vulnerability related to Milestone’s products.
Reliable partner, responsible disclosure
We strive to ensure that our software and hardware are secure by design, secure by default, and secure by deployment. Milestone follows strict disclosure policies and is compliant with the IEC 29147 standard, aiming to provide the best cybersecurity experience. In alignment with our Vulnerability Handling Process, Milestone is committed to providing mitigations and/or software updates for any potential vulnerability found in our supported products, as soon as possible and free of charge.
Latest security advisories
To learn more about recent vulnerabilities and their mitigation, please refer to our articles on cybersecurity.
Closer collaboration, quicker mitigation
Effective mitigation starts with close collaboration. Since there is no such thing as being “too secure”, if you think you have encountered a potential security vulnerability in any of our supported products, we highly encourage you to report this to us using the secure form below.
Processes and policies
Clear processes and transparent policies that make all the difference.
Milestone Responsible Disclosure Policy
We perform the strictest software and hardware security processes and testing and are IEC 29147 compliant. However, security vulnerabilities after a product release remain a possibility in this software environment. In such cases, transparency, communication, and quick action are key. Our transparent disclosure policy is designed to resolve any vulnerability occurring in Milestone-developed capabilities, embedded technologies, and execution environments where our products operate. It covers active threat monitoring, rapid assessment and threat prioritization, response and proactive customer contact, and expedited remediation.
Milestone Security Development Lifecycle
This process ensures the agreed levels of security quality are met when resolving any security concerns. It aims to resolve any security concerns as quickly as possible and to minimize the adverse impact on business operations and corporate identity.
Milestone Vulnerability Handling Process
This process ensures the agreed levels of security quality are met when resolving any security concerns. It aims to resolve any security concerns as quickly as possible and to minimize the adverse impact on business operations and corporate identity.