Vulnerability Disclosure Policy
Reporting a Vulnerability
Information received under this policy will be used to remediate or mitigate vulnerabilities only. We will not share your name or contact information without express permission.
We accept vulnerability reports via firstname.lastname@example.org and will respond within 2 working days to the contact information provided.
What to include in a vulnerability report
In order to help us prioritise submissions and respond efficiently, please provide the following details in your report:
- Product Name
- Product Version
- Type of Vulnerability
- Detailed description of the steps needed to produce the vulnerability (including any relevant photos or screenshots)
- Problem caused by the vulnerability
What you can expect from us
By providing your contact information, we are committed to communicating with you as efficiently and openly as possible.
- Within 2 working days, we will acknowledge the receipt of your vulnerability report
- We aim to provide support to the best of our abilities and work closely to solve the reported issue within 90 working days.
- Weekly status updates of the vulnerability will be provided until the issue is resolved.
- Support will be provided for the entire duration from product launch to discontinuation of product. In the event of a discontinued product, such information will be announced on the website at least half a year before the product is officially discontinued.