Reporting vulnerabilities 

Milestone continuously work to identify, limit, and address the risks associated with vulnerabilities in our products and services. However, should you identify a security vulnerability in a Milestone product or service, we encourage you to report the vulnerability to Milestone immediately. The process of speedy communication of identified security vulnerabilities is critical to reduce the likelihood and time period a vulnerability might be exploited in practice. 

Any person who has identified a potential vulnerability in Milestone’s products and services can securely and confidentially Contact Milestone's security response team. You can submit the form with your contact details for further contact and communication with you about the vulnerability, or submit the form anonymously if you want to. Regardless of your choice, all data submitted is handled according to our Privacy Policy.   

No matter if the form is submitted with contact details or anonymously, we require you to inform us of which product and version or service the vulnerability have been found in. You must also provide a title and description of the vulnerability. If you have files that document or support the described vulnerability, you can upload them as part of the submission.

For submissions that are not anonymous, Milestone will confirm the vulnerability submission within two (2) business days, and triage the submitted vulnerability within 15 business days.