Response Disclosure & Vulnerability Report

iManage Security: Responsible Disclosure Policy

As a provider of software and services to over one million users, iManage takes security very seriously. We investigate all reported vulnerabilities, which we accept from many sources including independent security researchers, customers, partners, and consultants.

Our Commitment to You

• Maintain security safeguards designed to ensure the confidentiality of the information you provide us
• To treat everyone who contributes with respect and recognize your contribution to keeping our customers safe and secure.
• To work with you to validate and remediate reported vulnerabilities
• To investigate and remediate issues in a manner consistent with protecting the safety and security of both on-prem and cloud customers. Addressing a valid reported vulnerability will take time. This will vary based on the severity of the vulnerability and the affected systems.

What We Ask of You

• We request that you communicate about potential vulnerabilities in a responsible manner, providing sufficient time and information for our team to validate and address potential issues. We request that researchers make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
• We request that researchers provide the technical details and background necessary for our team to identify and validate reported issues, using the form below.
• Common Good. We request that researchers act for the common good, protecting user privacy and security by refraining from publicly disclosing unverified vulnerabilities until our team has had time to validate and address reported issues. When possible, we would prefer that our respective public disclosures be posted simultaneously.