Safety & security are incredibly important to 雅博体育app and to the ecosystems we serve. As we see greater convergence of physical and digital systems, we all carry a shared responsibility to develop and maintain more secure, defensible, and resilient systems. 雅博体育app is committed to doing our part through robust security programs and initiatives. As an extension to our own efforts, 雅博体育app wishes to team with willing allies acting in good faith. As such, 雅博体育app welcomes the invaluable contributions offered by security researchers. To ensure a smooth and streamlined process, we are introducing our Coordinated Vulnerability Disclosure Program.
雅博体育app will not pursue legal action for those acting in good faith and in adherence to the coordination instructions and guidelines described in this policy, including compliance with all applicable laws.
Communicating with 雅博体育app
To ensure proper handling of the disclosure in both directions, please adhere to the following instructions:
Use our PGP public key available on this web page or other encryption methods to encrypt the message.
Do not include sensitive information (other than information related to the vulnerability details) in any screenshots or other documents or content you provide to us.
Once we have received your message, an appropriate 雅博体育app employee will acknowledge receipt within seven (7) calendar days.
What we expect of you
We are willing to work with security researchers who comply with the following guidelines:
Avoid any testing (or hacking) on active environments (use test or development environments to perform vulnerability testing)
Comply with all applicable laws and regulations
Do not access or modify any data in any account or system for which you do not have legal control
Do not take advantage of the vulnerability or any issue you have discovered; do not take any disproportionate or illegal actions
We ask you to work with 雅博体育app on selecting public release dates for information on discovered vulnerabilities to minimize the possibility of public safety, privacy and security risks
Inform us of your disclosure plans, if any, prior to public disclosure
Involve DHS-ICS-CERT, CERT/CC, relevant Regulators, or other appropriate government entities when prudent
Provide us with details of any communication on the vulnerability (and CVE) to vulnerability coordinators
Preference: Well-written reports in English will have a higher chance of prompt resolution
Preference: Reports that include proof-of-concept code equip us to better triage
What you can expect from 雅博体育app
Once we have received a submission, 雅博体育app will:
Acknowledge receipt within seven (7) calendar days.
Perform an initial assessment on the potential findings to determine accuracy, need for escalation and product group to escalate to. In this phase, you may:
Receive requests for additional information, or
Receive notification that the vulnerability is not accepted into the program because it does not meet the criteria of the program or provide sufficient detail. (You may respond to any notifications of non-acceptance by contacting cvd@雅博体育app.com)
Develop a resolution and take appropriate action depending on the criticality scoring of the vulnerability.
Provide the researcher with public recognition if requested and if the report results in a publicly released fix or communication.
Where necessary or if we are unable to resolve communication issues or other problems, 雅博体育app may bring in a neutral third party (such as CERT/CC, DHS-ICS-CERT, or the relevant regulator) to assist in determining how best to handle the vulnerability.
Note: Any information shared with 雅博体育app may be used by 雅博体育app in any manner determined appropriate by 雅博体育app. Submitting any information will not create any rights for the submitter, nor will it create any obligations for 雅博体育app.
Page Not Found
Page Not found or Currently under translation for the Language you requested.
If you want to redirect to English please click Yes