Vulnerability Management is the process to handle security incidents.
The process includes to act in a timely manner.
The process includes joint action of the SOS development team and sales support team.

Resources

Vulnerability Reporting
- Private e-mail
- Private Ticket System for customers of the Commercial License
  - SOS Ticket System
Vulnerability Verification
- CVE ID: https://www.mitre.org/
Change Proposals
- Public JIRA Change Management System
Changes
- Public GitHub Source Code Repositories
Communication
- Public Ticket System for users of the Open Source License
  - SourceForge JobScheduler Ticket System
  - SourceForge YADE Ticket System
- RSS Feeds
- Twitter News

...

After receipt of a vulnerability report SOS sets up a Vulnerability Task Force task force to reproduce and to identify a reported vulnerability.
- This includes to identify affected releases of the software product.
- This includes to evaluate risks for a given vulnerability.
- This step typically is completed within 24 hours after receipt of a respective report.
If a vulnerability is confirmed then the task force will
- request a CVE ID from https://www.mitre.org/ and will provide the respective CVE report that is not publicly available,
- add a private Change Request to the Change Management System,
- report back to the vulnerability reporter about the assigned CVE ID. This step is completed immediately after receipt of a CVE ID and depends on mitre.org response times.

...

With fixes being available the following applies:
- Downloads
  - Maintenance releases are published for download with the SOS web site and with SourceForge.
  - Users should be aware that 3^rd party web sites that mirror downloads of SOS software products might or might not indicate availability of maintenance releases. SOS denies any liability for accurate and timely downloads of maintenance releases available from 3^rd party web sites.
- CVE Reports
  - With downloads being available SOS asks mitre.org to make the CVE report publicly available.
- Notification
  - Notifications are made available with the "News" section of the SOS web site.
  - Notifications are provided by RSS Feeds.
  - Notifications are provided via Twitter News
  - Customers who subscribe to notifications within their support option receive a notification by e-mail.
  - The Product Knowledge Base is added the information with the list of Vulnerabilities.
Fixes provided for any branches under maintenance are communicated at the same point in time.

...

Space shortcuts