Update:

We now have a new place for publishing security-related announcements: Security Bulletins in Knowledge Base .

Hello.

Haven't had to do this yet. A serious vulnerability would be posted here: www.opclabs.com/forum/product-related (RSS feed is possible), with whatever info necessary to deal with it.

The product combines our own code and some libraries - mainly, the OPC UA .NET stack from OPC Foundation. We generally update our product to the latest version of the UA stack (or other libraries), but there may be some lag. The version of the UA stack used within a particular QuickOPC version is listed in the QuickOPC documentation, and you can track the UA stack for any issues. If a really critical issue appears, we would react and take over the fixed stack ASAP.

Severe security vulnerabilities in other parts of the code are less likely (because the code does not make the direct communication), but of course still possible. If reported to us, we would deal with them in the same "industry standard way", that is, address them in reasonable time (which is usually several weeks), and then publish, together the with the mitigation/resolution.

Best regards