Disclosure Policy

Reporting security vulnerabilities


If you believe you have discovered a vulnerability in any Muddy Boots product, please submit a vulnerability report via email to security@muddyboots.com. If the issue is urgent, you may also call our office via our UK switchboard at 01989 780540.
Please do not publicly disclose these details without express prior written agreement from Muddy Boots.


As a software development company, keeping our customer data safe is Muddy Boots’ primary concern. Muddy Boots uses a Secure Development Lifecycle process to integrate security into its products from design, through development and release. However, sometimes vulnerabilities escape detection, or new exploits are released after the product is already on the market.

At Muddy Boots we investigate all received vulnerability reports and implement the best course of action in order to protect our customers.

If you are a customer and have discovered a security vulnerability in our products, we appreciate your help in disclosing it to us in a responsible manner.

If you identify a verified vulnerability in compliance with Muddy Boots’ Responsible Disclosure Policy, Muddy Boots commits to:

•    Provide prompt acknowledgement of receipt of your vulnerability report (within 48 business hours of submission). This will typically be via email, and possibly a follow-up call from our support team.
•    Work closely with you to understand the nature of the issue and work on timelines for fix/disclosure together.
•    Notify you when the vulnerability is resolved, so that it can be re-tested and confirmed as remediated.
•    Publicly acknowledge your responsible disclosure (if you wish credit for such disclosure).

If you feel that your identified issue or report falls outside this scope, please contact us via our email listed above or company telephone numbers also listed above.

Muddy Boots supports responsible disclosure, and we take responsibility for disclosing product vulnerabilities to our customers. To encourage responsible disclosure, we ask that all customers comply with the following Responsible Disclosure Guidelines:

•    Allow Muddy Boots an opportunity to correct a vulnerability within a reasonable time frame before publicly disclosing the identified issue, in order to ensure that Muddy Boots has developed and thoroughly tested a patch or product update and made it available to licensed customers at the time of disclosure.
•    Make a good faith effort to avoid privacy violations as well as destruction, interruption or segregation of our services.
•    Do not modify or destroy data that does not belong to you.

Responsible disclosure guidelines suggest that customers have an obligation to patch their systems as quickly as possible, and it is customary to expect patching to be completed within 30 days after release of a security patch or update. Muddy Boots advises its customers that those who exploit security systems often do so by reverse engineering published security updates, and therefore encourages its customers to patch as quickly as possible.

The Muddy Boots senior management and security teams have overall responsibility for this policy, and for reviewing the effectiveness of actions taken in response to concerns raised under this policy. Various members of staff at Muddy Boots have day-to-day operational responsibility for this policy, and must ensure that all managers and other staff who may deal with concerns or investigations under this policy receive regular and appropriate training.

Muddy Boots’ Infrastructure Managers and Security Group review our Vulnerability Disclosure policy from a legal and operational perspective on an annual basis.
