Vulnerability Notification Process

As a part of our commitment to protecting the security and privacy of our customers and clients Wipfli has invested significant resources and effort into developing secure solutions free of vulnerabilities and other issues.

In recognizing that no solution is perfect Wipfli has implemented a vulnerability disclosure process in order to more effectively enable the reporting and remediation of externally discovered security issues.

Vulnerability Notification Process

If you have identified a vulnerability affecting a Wipfli system, service, or application please notify us as soon as possible via VulnerabilityReport@wipfli.com

We ask that, at a minimum, your vulnerability report include the following:

• The vulnerable system, service, or application.
• A detailed description of the vulnerability to include a step-by-step instructions for recreation.
• Time and method of the vulnerability discovery
• Any other related information such as code samples, Proof of Concepts, screenshots, etc.
• Your preferred contact information.

Vulnerability Mitigation Process

Upon receipt of your vulnerability report Wipfli will investigate, triage, and take appropriate action in order to remediate the issue.

Vulnerability Notification Agreement

By submitting a vulnerability report you agree to the following:

• Not to disclose the vulnerability to anyone until the issue has been adequately resolved and an agreed upon timeframe has expired.
• Not to take advantage of or otherwise exploit the vulnerability in order to access, modify, delete, download, or otherwise conduct any unauthorized activity.
• Comply with all applicable laws and regulations in regards to the submission and any associated activity

By submitting a vulnerability notification to Wipfli, you agree to grant Wipfli an irrevocable, worldwide right to use it, gratuitously and for a period of fifty years.