Vent-Axia takes threats to our customers' security seriously and works hard to provide secure products that will protect users' privacy and data. We wish to encourage the reporting of any product security concerns.
Responsible Reporting Guidelines
- All parties to a vulnerability disclosure should comply with the laws of their country or region.
- Vulnerability reports should be based on the latest released firmware, and preferably written in English.
- Report vulnerabilities through the communication channel listed on this page. Vent-Axia may receive reports from other channels but does not guarantee that the report will be acknowledged.
- Adhere to data protection principles at all times and do not violate the privacy and data security of Vent-Axia’s users, employees, agents, services or systems during the vulnerability discovery process.
- Maintain communication and cooperation during the disclosure process and avoid disclosing information about the vulnerability prior to a negotiated disclosure date.
- Vent-Axia is not currently operating a vulnerability bounty program.
Vent-Axia’s Vulnerability Process
Vent-Axia will try to obtain information regarding product vulnerabilities from testing as well as from the security community. Vent-Axia encourages reporting of any potential vulnerabilities directly from customers, vendors, researchers, security organisations, etc. so as to be aware of these vulnerabilities within the soonest timeframe.
Following the submission of a Vulnerability Report, Vent-Axia will respond as soon as possible. Usual response time is within five business days.
The product team will investigate the vulnerability that has been reported to understand its validity, impact and severity. During this period contact may be made with the reporter to obtain further information if necessary.
An action plan will be developed to rectify the vulnerability, the required time to implement a fix varies depending on the complexity of the vulnerability. Vent-Axia will endeavour to action vulnerability fixes as quickly as possible. Should you wish to you can keep up to date with progress on remediation work.
Vent-Axia will issue a security advisory if the vulnerability is rated as Critical and a mitigation solution is in place to assist customers in removing all security risks, or if the vulnerability has been exploited and poses a potential to increase security risk to customers. In the later case the advisory may be issued with or without a fix in place.
Reporting Vulnerabilities
Please fill out the below report and we will respond within 5 working days: