Overview 

As a CVE Numbering Authority (CNA) under the MITRE domain, Milestone follows the industry's best practices in managing and responding to security vulnerabilities discovered in our products.   

As with any software product or service, it is a general condition that it is impossible to guarantee that the software is completely free from vulnerabilities. However, as described in our SDL, Milestone can guarantee that we make a thorough effort to identify and mitigate potential vulnerabilities in our software, reducing the customer's risk of deploying or using Milestone’s software products or services in their environment.  

Milestone acknowledges that standard network protocols and the Microsoft Windows operating system may have inherent weaknesses that might be exploited. While Milestone does not take the responsibility for vulnerabilities in standard network protocols and Microsoft’s Windows operating systems, we do provide recommendations on how to reduce the risks related to using Milestone products and services in your IT infrastructure. See the XProtect VMS hardening guide, XProtect VMS certificates guide, Whitepaper - Ensuring end-to-end protection of media integrity, and eLearning - Ensuring Secure Systems.