1. Introduction
At Radiant Logic, Inc., we are committed to maintaining the security and integrity of our products and services. This Vulnerability Reporting policy outlines our approach to identifying, managing, and addressing security vulnerabilities to protect our customers and maintain trust in our solutions.
2. Scope
This policy applies to all Radiant Logic products and services, including software, hardware, and cloud solutions. It covers the processes for vulnerability reporting, assessment, and resolution.
3. Vulnerability Reporting
a. Reporting: We encourage security researchers, customers, and other stakeholders to report any suspected vulnerabilities in our products or services. Reports can be submitted via email: [email protected].
b. Information Required: When reporting a vulnerability, please provide the following information:
- A detailed description of the vulnerability
- Steps to reproduce the issue
- The potential impact or risk associated with the vulnerability
- Any additional information or evidence (e.g., screenshots, logs)
c. Payments and Rewards: By submitting a vulnerability, the security researcher agrees that there is no expectation of payment and waives any future claims for compensation related to the submission.
4. Vulnerability Assessment
a. Acknowledgment: Upon receiving a vulnerability report, we will acknowledge receipt within 72 hours. We appreciate your patience as we review the report.
b. Evaluation: Our security team will evaluate the reported vulnerability to determine its validity and potential impact. This process typically takes 1-2 weeks.
c. Communication: We will keep you informed about the status of your report, including any findings, actions taken, and timelines for resolution.
5. Remediation
a. Prioritization: Vulnerabilities will be prioritized based on their severity, impact, and exploitability. Critical vulnerabilities will be addressed as a priority, while lower-severity issues will be resolved based on available resources.
b. Fix Deployment: Once a fix or mitigation is developed, we will deploy it as part of our regular update process or through emergency patches if necessary. We will notify affected customers about the availability of the fix and provide guidance on its implementation.
c. Verification: After remediation, we will verify that the vulnerability has been successfully addressed and that no new issues have been introduced.
6. Compliance and Governance
a. Policy Review: This policy will be reviewed annually and updated as needed to reflect changes in our security practices and industry standards.
b. Compliance: We comply with applicable laws and regulations related to security vulnerability management and strive to adhere to best practices in the industry.
7. Contact Us
For any questions or concerns regarding this policy or security vulnerabilities, please contact us at: [email protected].