Symantec is committed to resolving security vulnerabilities in our products quickly and carefully. We take the necessary steps to minimize customer risk, provide timely information, and deliver vulnerability fixes and mitigations required to address security threats in Symantec software.
As a founding member of the Organization for Internet Safety (OIS), Symantec is committed to following the Responsible Disclosure guidelines developed by OIS and described in ISO 29417 for externally reported vulnerabilities in Symantec products. These guidelines encourage open communication between finders and vendors, clarify responsibilities between parties, and protect individuals, enterprises, and internet infrastructure from exploitation whenever possible. We work closely with researchers who communicate vulnerabilities to us, and we give credit to finders who follow responsible disclosure.