F-Secure maintains an open and collaborative relationship with independent security researchers interested in investigating and responsibly disclosing vulnerabilities in our products.
Each security vulnerability reported to us undergoes a thorough investigation on a case-by-case basis and involves multiple stages including testing, resolution and localization. Due to the highly individual nature of such reports, there is no set timetable for the completion of a vulnerability investigation.
Once a vulnerability in our product has been confirmed and a patch for it created and tested, we will customarily release a Security Advisory providing the necessary details of the issue for the benefit of our partners and customers. An update for the affected product(s) containing the patch is customarily released at the same time.
As it is common for attackers to peruse and dissect recently published advisories to identify the underlying vulnerability for further exploitation, we strongly recommend that our users promptly patch any affected products under their administration.
For more information about reported vulnerabilities in F-Secure products, including fixes for them, please see our Security Advisories.
If you are a security researcher wishing to report a vulnerability in F-Secure products or services, please see Reporting Vulnerabilities. You may also wish to check the Vulnerability Reward Program to see if the issue you are reporting may be eligible for consideration under the program.
If you are an F-Secure product user and would like further information or assistance on issues or problems related to usage of the product, please contact Support.
This includes (but is not limited to) product updates and patching issues, login/password problems, and suspected account abuse concerns.