All vulnerabilities in Centrify products will be disclosed to customers who have opted in to Centrify support announcements in a vulnerability notice no later than two (2) business days after the initial report to Centrify, regardless of the existence or availability of a patch or workaround.

Centrify monitors CERT Advisories and assesses the impact of such advisories on third party and open source code incorporated into Centrify products. Where an advisory relates to source code incorporated into a Centrify product, within five (5) business days of receipt of such advisory, Centrify will create a vulnerability notice, post it on its support portal and notify all customers who have opted in for email updates from Centrify.

Centrify will make commercially reasonable efforts to resolve the issue or provide a workaround in the shortest time possible.