Vulnerability Management

Learn how Milestone's Vulnerability Management Policy ensures the security of our products through proactive identification, evaluation, and resolution of security vulnerabilities. Explore our role as a CVE Numbering Authority committed to transparent cybersecurity practices. 

Vulnerability Management

As part of our Security Development Lifecycle, we have defined and published our Vulnerability Management Policy. It describes how Milestone proactively works to discover, collect, evaluate, resolve and disclose vulnerabilities found in our products and services, to ensure the continued security and integrity of the products and services deployed and used by your organization.

Vulnerabilities reported, either by Milestone development teams or by external security researchers, will be thoroughly investigated and rated according to the Common Vulnerability Scoring System (CVSS) v3.1. Validated vulnerabilities will be registered in the CVE (Common Vulnerabilities and Exposures) database at https://www.cve.org/.

Further reading:  Vulnerability Management Policy

Report vulnerability:  Vulnerability form 

CVE Authority

As a CVE Numbering Authority (CNA), Milestone adheres to industry best practices for the management and transparent communication of security vulnerabilities discovered in our products.

Milestone's status as a CVE Numbering Authority is a statement of our long-term commitment to following industry standards and best practices for cybersecurity, ensuring that Milestone delivers secure and reliable products and services that can be trusted to be integrated with your IT infrastructure.

Further reading: Vulnerability Management Policy  

Report vulnerability: Vulnerability form

Report vulnerability

Milestone appreciates and encourages the efforts of researchers in identifying and reporting vulnerabilities in Milestone products and services.

We will process reported vulnerabilities as described in our Vulnerability Management Policy. The policy also describes our expectations of you when researching and reporting vulnerabilities – for example, that you perform your research within legal boundaries and in a way that would not cause harm, compromise privacy, or in general compromise the safety of our customers and partners as well as Milestone.

Vulnerabilities identified in Milestone’s products and services can be reported securely and confidentially via our vulnerability form. You can include your contact details for further communication about the reported vulnerability, or you can submit anonymously if you so choose. In either case, all data submitted will be handled confidentially according to our Privacy Policy.

Before reporting a vulnerability, please first consult our Vulnerability Management Policy for information about which types of vulnerabilities are ‘in-scope’ and ‘out-of-scope’. For example, vulnerabilities found in Microsoft Windows operating systems are out-of-scope and should be reported to Microsoft.

Report vulnerability 
Vulnerability form 
