Application Security Process - Version 2023 - Security - Hexagon

Hexagon ALI uses all its resources to ensure that security requirements are met. The discovery of security vulnerabilities may occur through a variety of sources, such as pre-release security testing, notification from our vendors, or from third-party organizations such as CISA. When a vulnerability is detected, our personnel open a work item in our internal tracking system to trace its history from discovery to resolution. Each security vulnerability is reviewed and scored according to its criticality, according to the Common Vulnerability Scoring System (CVSS) score, which is based on a scale from 0.0 to 10.0. For specific documentation for CVSS, see Common Vulnerability Scoring System.

Critical security vulnerabilities trigger a Security Control Board meeting to discuss the appropriate resolution. Non-critical security vulnerabilities are mitigated and/or addressed as part of the regular development update and release cycle.