Snow Responsible Disclosure Policy

Keeping our customers safe is our primary concern. Snow has a Secure Development Lifecycle to integrate security into its products from design, through development and release. However, sometimes vulnerabilities escape detection, or exploits are released after the product is already on the market.

We investigate all vulnerability reports and will implement the best course of action to protect our customers. If you are a security researcher and have discovered a security vulnerability in our products, we would appreciate your help in disclosing it to us in a responsible manner.

If you identify a verified vulnerability in compliance with our Responsible Disclosure Policy, we commit to:

Provide acknowledgement of receipt of your vulnerability report (within 48 business hours of submission)
Work closely with you to understand the nature of the issue and work on timelines for fix/disclosure together
Notify you when the vulnerability is resolved, so that it can be re-tested and confirmed as remediated
Publicly acknowledge your responsible disclosure (if you wish)

Please contact us via security@snowsoftware.com.

Snow CIO and General Counsel reviews our Vulnerability Disclosure policy from a legal and operational perspective on a yearly basis.

New Release: 2024 IT Priorities Report

Gartner® Analyst Research

Investec

Bolstering the Foundations for Success with the New and Improved Snow Partner Program

Flexera Completes Acquisition of Snow Software, Broadening its Portfolio for Technology Value Optimization

Snow Responsible Disclosure Policy