Responsible disclosure of discovered vulnerabilities

It is important for us at WolfVision that our customers can feel safe and secure when using our products. We therefore constantly strive to achieve the highest possible security and quality. Despite this, an issue could be discovered, that affects our device security. If you have found such a security flaw, we would like to hear more about it to be able to correct the problem as soon as possible.

We are thankful to you for taking the time to report to us weaknesses you discover, but kindly ask you to adhere to the following responsible disclosure guidelines.

What to report

  • Vulnerabilities in Firmware running on our products, that allow unauthorized users to gain access to device configuration or data stored on the device, or run unauthorized software on the device
  • Vulnerabilities in our applications and tools used to configure and manage our devices, that allows unauthorized users to read or change device configuration or any data stored on the device

What not to report

  • Any vulnerability without a properly described evidence report of proof of possible exploitation
  • Vulnerabilities only affecting users of outdated or unpatched versions (older than two releases) or for users who have intentionally reduced security settings on their devices

If you have found a vulnerability, we kindly ask you to

  • Not take advantage of the vulnerability you have discovered, for example by downloading more data than necessary for a demonstration
  • Not reveal the problem to others until it has been resolved and WolfVision agrees on its disclosure
  • Never publicize any data that you have retrieved through a vulnerability
  • Provide sufficient information to reproduce the problem so we will be able to resolve it as quickly as possible.

We promise you that your notification will be reviewed and if the problem is confirmed, you will be notified within 2 business days with acknowledgement of the issue. The issue will be fixed according to our internal processes, and you will be notified of the resolution. If you have followed the instructions above and acted in good faith, we will not take any legal action against you in regard to the notification, and we will not pass on your personal details to third parties without your permission.

Contact us about vulnerabilities

[email protected]

PGP Key Download
https://wolfvision.com/.well-known/pgp-key.txt