Support Policy

Product Versions

Accusoft Support Plans entitle customers to support for the current major version of the product.  At Accusoft's discretion, limited technical assistance may be offered for versions older than the current major version..  Accusoft only fixes defects in the most recent version of the product. Accusoft reserves the right to stop supporting products two years after a product's last release or after a new major version is released. Use of older Accusoft products continues to be governed by the product's licensing terms and copyrights; Accusoft does not waive any rights over time.

Use of Sample Code

The Accusoft Technical Support Team may make available to customers sample code designed to demonstrate product usage.  This code is for illustrative purposes only, and is supplied "As Is".

Security Bug Fixes

Accusoft makes it a priority to ensure that our customers' systems and data cannot be compromised by any user potentially exploiting vulnerabilities in Accusoft products.  When a security vulnerability in the most recently released version of an Accusoft product is discovered by Accusoft or reported by a third party, Accusoft evaluates the issue, assigns a severity level for the vulnerability, and determines the appropriate response.

Security vulnerabilities are fixed in the latest shipping version of the product.  The customer must upgrade the product installation to the latest release to apply the fix for any vulnerability.

Accusoft defines the following severity levels for security vulnerabilities:

  • Critical
  • High
  • Medium
  • Low

Severity Level: Critical

Characteristics

Vulnerabilities that rank in the critical range usually have most of the following characteristics:

  • Exploitation of the vulnerability likely results in root-level compromise of servers or infrastructure devices.
  • Exploitation is usually straightforward, in the sense that the attacker does not need any special authentication credentials or knowledge about individual victims, and does not need to persuade a target user (via social engineering, for example), into performing any special functions.
  • Exploitation results in unauthorized access to, or loss of, data.
  • Exploitation prevents use of the product.

Response

Accusoft responds to critical vulnerabilities as follows:

  • Provide, if possible, a temporary preventative workaround for the vulnerability
  • Address the issue in the latest version of the product as soon as possible.

(We attempt to have the fix available within five weeks of being confirmed.)

Severity Level: High

Characteristics

Vulnerabilities that score in the high range usually have some of the following characteristics:

  • The vulnerability is difficult to exploit.
  • Exploitation could result in elevated privileges.
  • Exploitation could result in a significant data loss or downtime.

Response

Accusoft responds to high severity vulnerabilities as follows:

  • Address the issue in the next scheduled release if possible.

(We attempt to have the fix available within 10 weeks of being confirmed.)

Severity Level: Medium

Characteristics

Vulnerabilities that score in the medium range usually have some of the following characteristics

  • Vulnerabilities that require the attacker to manipulate individual victims via social engineering tactics.
  • Denial of service vulnerabilities that are difficult to set up.
  • Exploits that require an attacker to reside on the same local network as the victim.
  • Vulnerabilities where exploitation provides only very limited access.
  • Vulnerabilities that require user privileges for successful exploitation.

Response

Accusoft responds to medium severity vulnerabilities as follows:

  • Address the issue in the next scheduled release if possible.

(We attempt to have the fix available within 20 weeks of being confirmed.)

Severity Level: Low

Characteristics

  • Vulnerabilities in the low range typically have very little impact on an organization's business.
  • Exploitation of such vulnerabilities usually requires local or physical system access.

Response

Accusoft responds to low severity vulnerabilities as follows:

  • The vulnerability may be addressed in a future release