Software Vulnerability Research unable to send SMS
Incident Report for Flexera System Status Dashboard
Postmortem

Description: Flexera One - Software Vulnerability Research – US and Canada Customers Not Receiving SMS

Timeframe: July 6, 12:00 AM to August 21, 11:20 PM PDT

Incident Summary

On Thursday, July 6th, at 12:00 AM PDT, we were alerted to an issue that the Software Vulnerability Research platform was experiencing difficulties in delivering SMS messages to customers located in the United States and Canada. As a workaround, the customers were advised to utilize token-based two-factor authentication (2FA) instead.

Upon discovering the issue, we immediately contacted our communication provider, who informed us that messages to the US were failing due to recent changes in US regulations. These regulations now mandate the verification of all traffic, necessitating the provisioning of a new US Virtual Mobile Number (VMN) for clients and its submission to networks for verification.

Given that the approval process with our initial provider would have taken weeks, we made the decision to switch to another vendor. This alternative vendor was able to supply us with a temporary US number, allowing us to maintain essential communication capabilities during the incident.

On Monday, August 21st, we successfully implemented the new US Virtual Number provided by the alternative vendor, conducted thorough verifications and tests, and declared the incident resolved at 11:20 PM PDT.

Root Cause

The root cause of the incident was recent changes in US regulations, which required comprehensive verification of all message traffic. This, in turn, necessitated the adoption of a new US Virtual Mobile Number (VMN) for clients and its submission to networks for verification.

Remediation Actions

  1. Immediate Contact with Provider: Established immediate contact with the communication provider to address and resolve issues related to regulatory changes.
  2. Immediate Vendor Transition: As a response to the incident, we successfully transitioned to an alternate vendor to ensure uninterrupted service.
  3. Provision of New US VMN: Collaborated with the new provider to obtain and implement a new US Virtual Mobile Number (VMN) for clients to comply with updated regulations.

Future Preventative Measures

In order to secure and maintain permanent approval for SMS notifications, we will implement the following measures:

  1. Submission Process Management: Delegate the management of the new US Virtual Mobile Number (VMN) submission process to the communication provider for network verification.
  2. Opt-In Confirmation: Implement a system to send customers a confirmation message when they choose to receive SMS notifications.
  3. Transparent SMS Charge Notification: Ensure that customers are informed about potential SMS charges associated with certain carriers.
  4. Effortless SMS Unsubscription: Offer customers a straightforward option to unsubscribe from SMS notifications when they wish to do so.
Posted Sep 14, 2023 - 15:03 PDT

Resolved
This incident has been resolved.
Posted Aug 23, 2023 - 13:00 PDT
Identified
The issue has been identified - we are waiting for our vendor to restore the SMS service.
Posted Jul 26, 2023 - 20:55 PDT
Investigating
Software Vulnerability Research is unable to send SMS messages to customers in the United States. We are working to resolve this as soon as possible.

As a workaround for 2FA, consider using token-based 2FA as described here: https://docs.flexera.com/svr/ug/Content/helplibrary/Token_Based_Two_Factor_Authentication.htm

For help, please contact support. +1 630-332-5957 or +1 877-279-3781 Toll-free
Posted Jul 20, 2023 - 06:02 PDT
This incident affected: Software Vulnerability Research.