Icotera Vulnerability Disclosure Policy

1: Owner information

Icotera Vulnerability Disclosure Policy

Objective:
At Icotera we are committed to providing CPE products that allow its customers to easily and effectively protect their users and their network from malicious actions.

This is done by ensuring the security of our Consumer Premises Equipment (CPE) products software and configuration recommendations.

This Vulnerability Disclosure Policy outlines the procedures for security researchers and individuals to responsibly report potential vulnerabilities in our products.

Icotera PSIRT
Issues relating to product security are handled by the Icotera Product Security Incident Response Team (PSIRT).

Scope:
This policy applies to all Icotera CPE products and associated services.

Reporting a Vulnerability:
If you have discovered a security vulnerability in an Icotera CPE product, we encourage you to report it to us in a responsible manner. Please follow these steps:

Submit Your Report:
- Email your findings to security@Icotera.com.
- Describe which model and firmware version that have been investigated.
- Include a detailed description of the vulnerability, along with steps to reproduce it.
- Attach any necessary supporting documentation (e.g., screenshots, proof-of-concept code).

Encryption:
- Encrypt your email using our PGP key to ensure the confidentiality of the communication.

Provide Contact Information:
- Include your contact information, including your name and email address.

Response Time:
- Icotera is committed to acknowledging receipt of your report within 72 hours.
- We will provide regular updates on the status of the investigation.

Responsible Disclosure Guidelines:

- Security researchers are expected to make reasonable efforts to avoid privacy violations, service disruptions, and destruction of data during their research.
- Do not disclose the vulnerability to the public or any third parties until Icotera has had a reasonable time to address the issue.

Our Commitment:

- Icotera is committed to working with security researchers to understand and address reported vulnerabilities promptly.
- We will provide public credit and recognition to the security researcher, with their consent, upon successful resolution of the vulnerability.

Legal Safe Harbor:

- Icotera will not pursue legal action against individuals who discover and report vulnerabilities in accordance with this policy.

Exceptions:

- This policy does not grant permission to engage in any activities that could harm Icotera or its customers.
- Icotera reserves the right to update this policy at any time without notice.

Contact Information:
- For any questions or concerns regarding this policy, please contact security@Icotera.com.

PGP Key:

- Icotera PGP key can be found here.

Thank you for helping us keep our products secure!
Icotera Security Team