Vulnerability Disclosure Policy
We take security issues extremely seriously and welcome feedback from security researchers in order to improve the security of our networked products, apps, and cloud services. We operate a policy of coordinated disclosure for dealing with reports of security vulnerabilities and issues. We appreciate reporting identified vulnerabilities, regardless of service contracts or products’, apps’ and/or cloud services’ lifecycle status.
To privately report a suspected security issue to us for one of our networked products, mobile apps, or cloud services, please send your report to firstname.lastname@example.org.
We will be glad if you can give some basic details, typically:
- Name/type of affected product/app/service, plus specific model number, serial number, etc.
- Any Proof of Concept(POC) setup details
- Description of the steps to reproduce the issue
- Public references if there is any
We recommend you encrypt all e-mail communications with our Product Security Incident Response Team’s public PGP key.
By following the HomeWhiz Vulnerability Disclosure Policy, we will respond to you within a maximum of 48 hours upon receiving the initial report. If the reported security issue will be confirmed by looking at the impact, severity, and exploit the complexity of the vulnerability report; we may ask for your further contribution to resolve the potential vulnerability within 90 days, and we will be updating you about the progress every 2 weeks. We also kindly ask you to keep the vulnerability confidential and expect you to refrain from, such as conducting unapproved denial of service attacks, load tests, social engineering, or other undesirable activities, until we make a fix available.
Once the fix is available, we will notify you and recognize your efforts on this page, upon your confirmation.