Vulnerability Disclosure Policy
Introduction
BleuIO is committed to ensuring the security of its products. The objective of this Vulnerability Disclosure Policy is to provide clarity and transparency to our customers and users. This policy describes the guidelines for investigating and reporting security vulnerabilities in BleuIO products. The policy also describes the steps BleuIO takes to respond to, handle, and disclose vulnerabilities as they are reported.
If you wish to report a potential security vulnerability, please continue reading the rest of this policy.
Scope
This policy applies to all BleuIO products.
Guidelines
- Notify us as soon as possible after discovering a potential security vulnerability.
- Do not take advantage of a potential security vulnerability, other than to confirm its existence.
- We will not use your contact information for any purpose other than for handling the reported potential security vulnerability.
- Avoid sending attachments if possible.
- We allow anonymous reporting.
- We currently do not offer any reward or bug bounty program.
- Please provide information in English.
Reporting a Vulnerability
Please report any potential security vulnerabilities by submitting information to BleuIO directly via the email address linked below. If you want additional security, use our PGP Public Key.
Email address: security@smartsensordevices.com
PGP Public Key: [Link]
Please be as detailed as possible when writing your report to avoid uncertainties in communication. This way we can resolve the issue as quickly as possible.
Provide the following information in your report:
Contact information
- Name
- Organization/Company (optional)
- Email address
- PGP key (optional)
Product name, model number and version
Vulnerability information
- Description of the vulnerability and potential exploits, including the type of vulnerability
- Detailed instructions on how to reproduce the vulnerability step by step
Handling of a Report
Our aim is to respond to you within a reasonable timeframe informing you of our findings.
Upon receiving a report you can expect:
- A reply acknowledging that the report has been received
- We will investigate and validate the existence of a potential security vulnerability within 5 days of becoming aware of the report
  a. If a security vulnerability is confirmed to not exist, or we are unable to reproduce the potential security vulnerability: We will inform the reporter
  b. If a security vulnerability is confirmed to exist: We will inform the reporter, and may, in specific cases, inform our customers and users, and begin working on a solution or mitigation
- When a solution or mitigation has been developed and deployed, we will disclose the vulnerability to the reporter and to our customers and users through appropriate channels, by including relevant information about the vulnerability and how to apply the solution or mitigating measures

