FIS

Hi all,

FIS have been working around the clock since last week in an effort to secure the LOG4J vulnerability. Unfortunately, as in our scope, FIS won't pay out for 0-day vulnerabilities in the first 30 days of discovery. We do appreciate the reports that came in during the last few days, but we'll mark these down as informational.

However, if you discover a LOG4J vulnerability that isn't already going through remediation/patching from Jan 10th, please feel free to report this in and it will be assessed.

Personally, we'd like to thank the researchers that did put reports in over the weekend in an effort to help FIS secure themselves and their customers.

All the best and happy holidays,

Nick and the FIS team