Product security
Software security has become the most vital issue in the networking industry. We believe that software security in our products is more important than ever.
As the foundation for our product security program, we have adopted the ISO 27001 Standard.
Our product security incident response team (PSIRT) is a carefully selected group of Adtran employees specifically tasked with responding to security incidents with our product line.
You can report any potential or real instances of security vulnerabilities with any Adtran products by emailing us at product.security@adtran.com. We kindly ask you to abstain from releasing the details of the vulnerabilities publicly, as an ethical and best practice, until resolution and advisory to the reported issue will be published.
Report should contain as much information as possible, to help us investigate and prioritize submissions. We recommend at minimum to include vulnerability description, steps to reproduce, potential impact and affected product name and version. You can encrypt any sensitive information you send to us using our PGP public key. It is also available at various key servers.
All issues reported to the PSIRT team will be acknowledged within 7 business days. Following that reported vulnerabilities will be investigated and after confirming patches will be generated where necessary, and a security advisory will be released. You will be regularly updated about the status of the analysis and resolution progress. Unless you inform us otherwise, it is our usual practice to cooperate with other affected security vendors and organizations such as CERT/CC to share vulnerability information and patches.