Vulnerability Reporting and Disclosure Policy
Introduction on Vulnerability Reporting and Disclosure Policy
Inventor A.G S.A together with its subsidiaries, (hereinafter referred to as “Inventor A.G S.A”, “we”, “us”, “our”) is dedicated to preserving the security and integrity of its Products. This dedication also encompasses the protection of data, including personal information, and ensuring the privacy of end-users. Moreover, our objective is to avoid any adverse effects on network operations or the misuse of network assets. As part of our security efforts, we encourage the responsible disclosure of any potential vulnerability found in our Products.
Vulnerability reporting process
Based on our commitment to enhance the safety of our products we welcome anyone, including security researchers, developers, and customers, to report vulnerability issues. Therefore, if you believe you've identified a security or privacy vulnerability in the products of Inventor A.G S. A, you can complete the template and report the security issue directly to: productinfo@inventor.ac.
The vulnerabilities reporting and handling process applies to aspects of our Products, such as Hardware components, pre-installed software on the product provided when the product is supplied to the customer, Software which must be installed on the product necessary for the product's intended functionality, software utilized for or associated with any intended purpose of the Product.
Vulnerability Confirmation and Acknowledgement of Receipt
Once we receive a vulnerability report, our responsible team will make sure to acknowledge receipt of the report to the individual who submitted, by responding within 7 calendar days. In case further information is required for the purpose of a more effective and thorough research, the responsible team will contact the reporter promptly.
Vulnerability Fix
Inventor A.G S.A will take appropriate actions to address promptly and effectively all reported vulnerabilities. Our responsible team will analyze the vulnerability, evaluate the actual impact on the product and develop, if necessary, remediation plans. Fixes will be developed to resolve the identified vulnerability while maintaining the functionality and usability of the affected Product(s). We will regularly update the vulnerability reporter on the progress of vulnerability fixes.
Vulnerability Closure and Announcement
Inventor A.G S.A is dedicated to transparently reporting security issues to our clients and consumers. After thoroughly examining a vulnerability, Inventor A.G S.A will establish a suitable action plan, which may involve notifying users about available fixes and offering guidance on their implementation. We will update the Reporter accordingly as our objective is to ensure that those impacted are aware of significant security concerns and receive assistance in addressing them.
During the process of addressing vulnerabilities, our response team will tightly manage the scope of vulnerability details, sharing them only with relevant staff members tasked with resolving the issue. We at the same time request from reporters, to maintain confidentiality regarding vulnerability information until we reach a comprehensive solution and share it with our customers. Our company will implement appropriate measures to safeguard acquired data in compliance with legal standards. Unless expressly requested by affected customers or mandated by law, this information will not be disseminated to third parties without prior consent.
Notice
This Vulnerability Reporting and Disclosure Policy is regularly reviewed and may be revised or modified as needed to align with advancements in technology, relevant regulations, or recommended protocols.