We take the security of our systems seriously and we welcome feedback from security researches in order to improve the security of our products and services.
We require that all researchers:
- Take into account the respect for the law. Vulnerability scanning could not serve as a pretext for attacking a system or any other target. Several actions must be avoided. For example:
o Using social engineering
o Compromising the system and persistently maintaining access to it
o Changing the data accessed by exploiting the vulnerability
o Using malware
o Using the vulnerability in any way beyond proving its existence. To demonstrate that the vulnerability exists, the reporter could use non-intrusive methods. For example, listing a system directory
o Using brute force to gain access to systems
o Sharing vulnerability with third parties
o Performing DoS or DDoS attacks
- Keep information about any vulnerabilities you’ve discovered confidential between yourself and Salto Systems until we resolve the issue.
- Send an email to firstname.lastname@example.org if you have identified any issue that potentially can affect the security of our products or services.