Vulnerability Disclosure Policy (VDP)
RansNet Singapore Pte Ltd
As a provider of networking and security solutions, we are committed to ensuring security and privacy to our customers. Whether you’re a partner or user of RansNet products, a software developer, or simply a respected ethical hacker, we welcome you to be part of our ecosystem and contribute to improve wellbeing and protection for our customers. We encourage you to contact us to report potential vulnerabilities in our systems.
For clarity, this VDP does not authorise or permit the taking of any action which may contravene applicable laws and regulations.
REPORTING SECURITY ISSUES
If you believe you’ve discovered a security vulnerability on RansNet products or software, we would kindly request you:
Notify us as soon as possible after you discover a real or potential security issue, via email to firstname.lastname@example.org
Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use an exploit to compromise or exfiltrate data, establish persistent command line access, or use the exploit to pivot to other systems.
Provide us a reasonable amount of time to resolve the issue before you disclose it publicly.
Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.
In order to help us triage and prioritize submissions, we recommend that your reports:
Describe the location the vulnerability was discovered and the potential impact of exploitation.
Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).
Once we’ve received your report, we will take a series of actions to address the issue.
Once you email to email@example.com, an incident ticket will be created within 4 hours and acknowledge your receipt of your report.
Our helpdesk team will assess the vulnerability scope and forward to our respective internal research and development team for deep dive analysis.
Our R&D team will investigate and verify the vulnerability, and release updates or patches to the software. If for some reason this cannot be done quickly or at all, RansNet will recommend interim mitigations.
We will provide daily update until the issue is resolved.
We will publicly announce the vulnerability to inform our affected customers and provide recommended mitigations.
This vulnerability will be included in future software releases and we will specify the version that fixes this vulnerability.
We greatly appreciate your efforts to help us improve our products and better protect our customers. Thank you for working with us through the above process.