Get Started
Solutions Overview
Industries Overview

Support

Looking for access to technical support, best practices, helpful videos, or training tools? You’ve come to the right place.

About Accruent

Get the latest information on Accruent, our solutions, events, and the company at large.

Accruent PSIRT Policy

Overview

The Accruent PSIRT team is responsible for maintaining security standards for Accruent products by assessing and minimizing customer risk associated with security vulnerabilities by providing timely information, guidance and remediation for vulnerabilities in our products. The Accruent global PSIRT team manages the receipt, investigation, remediation and public reporting or information about security vulnerabilities related to Accruent products. Key responsibilities of the Accruent PSIRT team are to intake, triage, respond to and disclose externally identified vulnerabilities in Accruent products.

Reporting

Accruent welcomes reports of potential product vulnerabilities from independent researchers, industry organizations, vendors, customers and others concerned with product security.

To report a potential vulnerability, please use the Report a Potential Vulnerability form below.

Escalation Procedures

Accruent offers a clear and easily accessible reporting channel via a secure contact form on the Report a Vulnerability page. Each form submission generates a ticket which is reviewed by a member of our PSIRT team.

Responsible disclosure reports will receive an automatic response indicating that we have received their submission. A member of our PSIRT team will reach out to the reporter with the vulnerability verification results.

Time to remediation is determined by the vulnerabilities’ priority level; please see Incident Classification below. Public disclosure of a Accruent vulnerability may be disclosed within the product release notes.

Vulnerability Classification

Accruent follows NIST standards available here: https://nvd.nist.gov/vuln-metrics/cvss.

PSIRT Vulnerability Management Process

The vulnerability management process is a systematic approach to identifying, assessing, prioritizing and addressing vulnerabilities within Accruent applications. It involves a series of activities aimed at reducing the risk posed by vulnerabilities and ensuring the overall security of our organization’s offered products.

Vulnerability triage steps are as follows:

  1. Intake: Receive vulnerability report and acknowledge receipt.
  2. Analysis: Identify vulnerability from internal source and verify the report. Verify the vulnerability.
  3. Feedback: Inform reporter of vulnerability verification status.
  4. Remediation: Develop and deploy remediation.
  5. Disclosure: Publish advisory within release notes. Engage in post-remediation activities.

Vulnerability Management

Accruent takes security concerns seriously and prioritizes their prompt evaluation and approach. Response timelines will depend on a number of factors including the severity and impact, specific product or feature affected, the current product development cycle and the technical requirements needed to properly address the concern or issue. Remediation may include any of the following actions:

  1. A new product release
  2. An Accruent security update
  3. Third-party-directed update installation or patch
  4. Other procedural approach to mitigate the vulnerability or concern

Accruent is dedicated to the prompt resolution of all potential or actual security vulnerabilities but does not guarantee any specific remediation or resolution for reported concerns.

Coordination with Stakeholders

In addition to the Accruent PSIRT team outlined above, Accruent may employ commercial incident investigation firms if necessary to properly address any given issue.

PSIRT team communication tools include those approved for corporate use for widespread communication within Accruent and for the project and task tracking of engineers. This is how Accruent will disseminate information to appropriate stakeholders.

Report a Potential Vulnerability

To report a vulnerability, please fill out the form below. We aspire to respond to researchers within 72 hours regarding the status of the potential finding. We appreciate your patience and dedication to improving the security of products at Accruent.