At Axon Ivy, we take security seriously. If you believe you've found a security vulnerability in our software, we encourage you to let us know right away. We investigate all reported vulnerabilities promptly.

To report a vulnerability, please send an email to security@axonivy.com with the following information:

• Description of the vulnerability
• Steps to reproduce the vulnerability
• Any additional information or context that may be helpful

Please refrain from publicly disclosing the vulnerability until it has been addressed by our team.

We strive to respond to security vulnerability reports as quickly as possible. Upon receiving your report, we will acknowledge it within 72 hours and we will release a patch as soon as possible depending on complexity, but historically within a few days. Please report (suspected) security vulnerabilities at https://support.axonivy.com/.

We encourage responsible disclosure of security vulnerabilities. We believe that working together with security researchers and the broader community helps us improve the security of our software for everyone.

For any questions or concerns regarding security, please contact us at security@axonivy.com.