Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
News › Security Policy Register  |  

PortalWebHosting
  Issues  
 


  Report Issue  




Enter the code shown above in the box below
Send

 
 


Security Bulletins Policy

DotNetNuke takes the issue of security very seriously, and makes every possible effort to ensure speedy analysis of reported issues, and where required, provides workarounds and updated application releases to fix them.

We request that all suspected issues/security scan results get emailed to our security alias displayed below or entered through the online form displayed to the right :

security@dotnetnuke.com

Any information submitted to this alias is kept confidential and is only viewed by members of the DotNetNuke Security Task Force, and will not be discussed outside this group without permission from the person/company who submitted the information. Confirmed issues will be assigned a level to indicate their relative severity and potential impact. This information will be made available via the security blog, forum posts, and where judged necessary, an email bulletin.

Bulletin Levels

Critical

A bulletin rated critical is one where an exploit can be exploited by a remote attacker to gain access to DotNetNuke data or functionality. A critical vulnerability will have a recommended workaround or fix that should be applied as soon as possible.

Moderate

A moderate bulletin is one where a portal can be compromised, but requires some dependant actions e.g. a particular module or a user within a particular role is required, which is then used to gain access to data or functionality. Issues at this level will often have recommended actions to remove the issue.

Low

All other issues are rated as low. These will contain flaws that are very difficult to exploit, or where an exploit has a limited impact.

Disclosure Policy

When a bulletin is posted, we will provide details to inform users of the versions impacted, and unless it will give too much information to potential hackers, the attack vector and potential impacts.

DotNetNuke Core Security Blog

This blog is used to detail any security related posts. This will include both posts on general security matters, as well as information on new issues, releases and documentation.

Security Blog

It is a recommended resource to keep up to date on DotNetNuke security information.

 

 
 


Security Documentation
 TitleOwnerCategoryModified DateSize 
Hardening DotNetNuke InstallationsShaun Walker 7/21/2006268.02 KBDownload
Secure Module DevelopmentShaun Walker 7/21/2006267.98 KBDownload
 


PartnerPoint - Microsoft Technology Community
PartnerPoint is one of the largest online communities of Microsoft Partners Worldwide. With over 5,000 active members, it serves as a collaboration platform for other technology communties around the globe
www.partnerpoint.com 		Web Valley
Website design, Database development
www.webvalley.com 		UK DotNetNuke CMS installation, hosting & support
UK based installation, branding, customising, integration, hosting, training, support and maintenance services for DotNetNuke
www.deburca.co.uk

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP