On the afternoon of May 28, 2014, we were informed of a vulnerability that allowed users to access files ranging from simple images in surveys to configuration files in our system. The Vision Critical security team did an immediate review to determine the extent to which this vulnerability was used, to fix the issue, and do a complete analysis of all related systems ensuring they were not similarly exposed. We confirmed that survey, member, and community data remained safe and that all related systems were not similarly exposed. By the morning of May 30 2014, the issue was fully resolved. Survey, member, and community data are and remain safe. No action was or is required by any customers or community members. (For tracking purposes, this vulnerability is named CVE-2014-2960.)
At Vision Critical, trust and transparency form the foundation of our core values. Data security is a key component of that. We are committed to the highest security standards, which is why our more than 600 enterprise customers, including large financial institutions, healthcare and government organizations, trust our software today.
To achieve and maintain the high standards we set for ourselves and that our customers expect, we regularly perform network and application scans including tests, audits and reviews of our systems. These scans, combined with other third-party tests and audits, and our internal policies and processes, compose the multiple security layers for our systems and applications. (Not to mention our many customers who work with us running their own security tests of our systems).
There is no finish line for us in maintaining customer trust and transparency, including communicating this recent vulnerability to you. We are committed to continually enhancing our data security to maintain the high standards we set for ourselves and that our customers expect.
If you have any questions, please do not hesitate to reach out to us at any time.