ServiceMax does its utmost to deliver secure and resilient products and services. Should you identify a vulnerability in one of our products, rest assured that ServiceMax will address it quickly and efficiently.

Vulnerability Reporting

To facilitate the reporting process and to ensure the integrity of our platform and other related products, please follow the guidelines below.

ServiceMax does not allow penetration testing of its ServiceMax-managed cloud products without prior authorization. If you are a Customer, please contact your Account Representative for details. If you do encounter a vulnerability in one of our products, we encourage you to report it in a responsible and secure fashion by emailing us:

Email: Servicemax.security@ptc.com (For privacy and security purposes, please encrypt using the PGP key available here)

So that we may more effectively respond to your report, please provide:

  • Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
  • Product and version that contains the bug (Salesforce FSM, ServiceBoard, GO App Mobile, etc.)
  • Security updates or other updates for the product you have installed
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if any)
  • Impact of the issue, including how an attacker could exploit the issue

Please Note:

For ServiceMax customers who subscribe to the Field Service Management product suite that sits on the Salesforce platform, please report any Salesforce-specific vulnerabilities to Salesforce by visiting their Responsible Disclosure Policy page.

For any Amazon Web Services (AWS) vulnerabilities, please report them to AWS by visiting their Vulnerability Reporting site.

ServiceMax Commitment and Responsibility

Acknowledge
ServiceMax is committed to acknowledging, responding to, and remediating the reported issue and keeping you informed as we work to address your security concern.

Responsive
You will receive a personal acknowledgment within the first 24 hours and daily updates on progress.

Report
In the spirit of responsible disclosure, ServiceMax will notify potentially impacted customers when ServiceMax will address the vulnerability or when they must take action to patch or otherwise remediate the vulnerability.

Recognition
Our policy is to acknowledge and credit researchers in any advisory we submit when a fix is issued for the reported security vulnerability.