If you need to contact Rocket Software about a security issue with one of our products or services and do not have access to the Customer Support Portal, please use the email address [email protected]. The more details you provide, the easier it will be for us to triage and fix the issue; your submission to Rocket should include the following details:
- Product, version, and/or system description
- A clear description of the vulnerability with supporting evidence (e.g., logs, screen captures, system responses)
- Steps necessary to reproduce the vulnerability or issue
- The operating systems and versions in use when identifying the vulnerability
- Relevant IP addresses or URLs
- Researcher’s assessment of the exploitability and associated potential impact of the issue
- Contact information
If any of the disclosure content submitted to us has sensitive information that requires additional protection, please contact us via one of the Official Channels, and we will provide a URL for the secure upload of supporting documentation.
When conducting vulnerability research according to this policy, we will not pursue or support legal action related to your good-faith security observations or research.
You are expected, as always, to comply with all applicable laws. If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through one of our Official Channels before proceeding.
Note that the Safe Harbor applies only to legal claims under the control of the organization participating in this policy, and the policy does not bind independent third parties.