Foxit Software Responsible Disclosure Policy

Foxit takes security very seriously and aims to provide the industry’s most secure solutions and services to keep customer data and systems safe. At Foxit, we investigate all received vulnerability reports and implement the best course of action in order to protect our customers. Foxit believes that working with skilled security researchers can identify weaknesses in any technology.

If you are a security researcher and have discovered a security vulnerability in our products and services, we appreciate your help in disclosing it to us in a responsible manner.

If you identify a verified vulnerability in compliance with Foxit’s Responsible Disclosure Policy, the Foxit security team commits to:

  • Provide prompt acknowledgement of receipt of your vulnerability report (within 48 business hours of submission)
  • Work closely with you to understand the nature of the issue and work on timelines for fix/disclosure together
  • Notify you when the vulnerability is resolved, so that it can be re-tested and confirmed as remediated.
  • Post a description in a security bulletin when the fix is released, and acknowledge your contribution.
  • Post a security advisory if required

Reporting a potential security vulnerability:

  • Send an email to [email protected] to request gpg key
  • Privately share details of the suspected vulnerability with Foxit by sending an email encrypted using gpg key to [email protected]
  • Provide full details of the suspected vulnerability so the Foxit security team may validate and reproduce the issue

Foxit does not permit some types of security research:

To encourage responsible disclosure, we ask that all researchers comply with the following Responsible Disclosure Guidelines:

  • Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues as quickly as possible.
  • Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Foxit Software service.

While researching, the following conduct is expressly prohibited:

  • Performing actions that may negatively affect Foxit and its users (e.g. Spam, Brute Force, Denial of Service…)
  • Accessing, or attempting to access, data or information that does not belong to you
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
  • Conducting any kind of physical or electronic attack on Foxit personnel, property, or data centers
  • Social engineering any Foxit service desk, employee, or contractor
  • Violating any laws or breaching any agreements in order to discover vulnerabilities

Foxit’s Chief Security Officer and General Counsel reviews our Vulnerability Disclosure policy from a legal and operational perspective on a yearly basis.

Foxit would like to thank every individual researcher who submits a vulnerability report helping us improve our overall security posture at Foxit.

2023 © Foxit Software Incorporated. All rights reserved.
Newsletter
Foxit PDF Editor Releases & Security Bulletins

Popular Features

PDF Creator

PDF Software

Edit PDF

Split PDF

Annotate PDF

Scan to PDF

Sign PDF

Protect PDF

Key Products

PDF Editor

Foxit eSign

PDF Reader

Smart Redact

Admin Console

Document Transformation Services

PDF Compressor

Developer Portal

PDF IFilter

Ultraforms

PDS

PDF Solutions

Paperless office

PDF accessibility

Education Solutions

Government Solutions

Banking Solutions

Insurance Solutions

Legal Solutions

Healthcare Solutions

Manufacturing Solutions

Online PDF

PDF to Word

Word to PDF

Compress PDF

Merge PDF

PDF to JPG

JPG to PDF

PPT to PDF

PDF to PPT

PDF to Excel

Excel to PDF

PDF Converter

Company Resources

Forum

Multi-language Translation System

Export Information

Privacy Policy

Refund Policy

Responsible Disclosure Policy

Imprint

Acquisitions

Terms of Use

Contact

Sales

1-866-680-3668

Support & General

1-866-MYFOXIT

OR 1-866-693-6948