Letting customers know about a security vulnerability is never an easy thing. From the logistics of it to the reputation management issues. But this is a critical aspect of delivery software and services.

Recently MuleSoft handled a disclosure in a truly impressive way. They reached out via email and then called customers to let them know about the issue. This not only helps get the word out but also provides much needed context for the patch that is typically lacking.

References:

• Catalin Cimpanu for ZDNet on the issue, https://www.zdnet.com/article/how-mulesoft-patched-a-critical-security-flaw-and-avoided-a-disaster/