Security Advisory
Protecting our customers from security threats is a core responsibility at Pacewave. We welcome reports from users, researchers, and organisations, and are committed to responding transparently and promptly.
Report a vulnerability
We strongly encourage organisations and individuals to contact Pacewave's security team to report any potential security issue with our products or services.
| Email | cs@pacewave.com.au |
| Response timeframe | Pacewave will acknowledge all vulnerability reports within 10 business days and provide regular updates until the issue is resolved. |
| What to include | A description of the issue, affected product and firmware version, steps to reproduce, and any supporting evidence. Writing in English is preferred. Pacewave may request additional information to help reproduce and validate the reported issue. |
| Bounty programme | Pacewave does not currently operate a vulnerability bounty programme. |
How Pacewave handles vulnerabilities
All reports follow a four-stage coordinated disclosure process, aligned with NCSC guidance and ISO/IEC 29147.
Receipt
Report received via email or identified through proactive monitoring.
Triage
Severity and impact assessed; reporter contacted if further detail is needed.
Remediation
Fix developed, tested, and prepared for release; typically up to 90 days.
Disclosure
Security advisory published and affected customers informed.
Process follows NCSC vulnerability management guidance and ISO/IEC 29147:2018.
When we publish an advisory
An advisory is published when a vulnerability is rated CRITICAL and a fix is available, or when active exploitation is detected and customers need to act promptly.
Remediation timeframes
Remediation typically takes up to 90 days. Complex or widespread vulnerabilities may take longer. Reporters are kept updated throughout.
Responsible reporting guidelines
- All parties to a vulnerability disclosure should comply with the laws of their country or region.
- Reports should be based on the latest released firmware and preferably written in English.
- Report vulnerabilities through the dedicated email channel only. Reports received via other channels cannot be guaranteed acknowledgement.
- Adhere to data protection principles at all times. Do not access, modify, or exfiltrate user data, employee data, or Pacewave systems beyond what is necessary to demonstrate the issue.
- Maintain communication and cooperation during the disclosure process. Do not publish vulnerability details publicly prior to the agreed disclosure date.
Send your vulnerability report directly to our security team. We review all submissions and will respond within 10 business days.
Related
Our formal declaration under the Product Security and Telecommunications Infrastructure Act 2022.