-1?wid=1664&hei=445&fmt=png-alpha)
Disclosure Policy
ASSA ABLOY Global Solutions Marine values insight from the security research community and welcomes disclosure and collaboration with this community.
ASSA ABLOY Global Solutions Marine's Responsible Disclosure Policy
ASSA ABLOY Global Solutions Marine believes that the disclosure of vulnerabilities is essential for improving the quality of our products and services, safety of our customers that rely on them and awareness as to their choices relative to preserving their specific interests. ASSA ABLOY Global Solutions Marine values insight from the security research community and welcomes disclosure and collaboration with this community.
ASSA ABLOY Global Solutions Marine values the insight and commitment of security researchers and other vulnerability investigators to make the world a safer place by discovering vulnerabilities of security solutions and providing mechanisms to privately report them with legitimacy and integrity.
Responsible disclosure ensures that security access infrastructure is tested and proven reliable. Moreover, the commitment to mitigate vulnerabilities is reassuring for our customers and the security industry as a whole.
The following is ASSA ABLOY Global Solutions Marine’s responsible disclosure policy:
- ASSA ABLOY Global Solutions Marine will disclose known vulnerabilities and their fixes to its customers in a manner that protects ASSA ABLOY Global Solutions Marine and its customers. Disclosures made by ASSA ABLOY Global Solutions Marine will include credit to the person who first identified the vulnerability, unless otherwise requested by the one who reported it.
- ASSA ABLOY Global Solutions Marine is open to communication and working with security researchers who come to ASSA ABLOY Global Solutions Marine with a shared interest to improve security and coordinate the distribution of information that includes both the vulnerability and the solution that addresses it.
- ASSA ABLOY Global Solutions Marine will publicly acknowledge in a written advisory the work of a security researcher who brings the company valid information about a vulnerability privately and then works with ASSA ABLOY Global Solutions Marine to coordinate the public announcement after a fix or patch has been developed and fully tested within a reasonable amount of time to be effective and deployed by ASSA ABLOY Global Solutions Marine and its customers
- Security researchers are allowed to post a link to the ASSA ABLOY Global Solutions Marine advisory on their own web sites as recognition for minimizing risks for the greater good and helping end-users protect themselves.
We ask the security researcher community to work with ASSA ABLOY Global Solutions Marine to coordinate the public disclosure of a vulnerability. Pre-maturely revealing a vulnerability publicly without first notifying ASSA ABLOY Global Solutions Marine could hurt organizations, exposing sensitive information and putting people and organizations in danger of malicious attacks.
This is why ASSA ABLOY Global Solutions Marine strongly advocates a two-step process: first private disclosure of a potential vulnerability to ASSA ABLOY Global Solutions Marine. Once the vulnerability is validated, resolved and ASSA ABLOY Global Solutions Marine and its customers provided a reasonable time to deploy, ASSA ABLOY Global Solutions Marine coordinates the public disclosure, which includes the recognition of the security researcher’s discovery, confirming that credit is given to the right person(s).
We also ask researchers to recognize that our action to investigate, validate and remediate reported vulnerabilities varies based on complexity and severity. We will communicate expected timelines, changes and collaborate where possible. In addition, we request that researchers do not perform Denial of Service mechanisms, compromise ASSA ABLOY Global Solutions Marine user infrastructure or personal information.
Like other leading companies, ASSA ABLOY Global Solutions Marine applies industry best practices for coordinated disclosure of vulnerabilities to protect the security ecosystem, ensure that customers get the highest quality information, and drive public discourse about ways to improve products, protocols, methodologies, standards and solutions.
CALL TO ACTION
If you believe you have discovered a vulnerability, click on the “Reporting Guidelines” link in the menu in this ASSA ABLOY Global Solutions Marine Security Centre for instructions on how to contact the ASSA ABLOY Global Solutions Marine Security Response Team to report your finding privately.
Select topic
Reporting Guidelines
Please report any potential or real security vulnerability claim to the ASSA ABLOY Global Solutions Marine Product Security Team via e-mail.
Product Security Advisories