Responsible Disclosure Policy
Azena - Data privacy note
Azena delivers products that offer the best quality and reliability. The Azena Security Team supports this by helping to resolve security issues identified in Azena products by external security researchers, partners, or customers.
The Azena Security Team coordinates measures in case of (potential) security incidents with Azena engineers and development teams, including establishing an appropriate response plan, and maintaining regular communication with the reporting party. Azena encourages coordinated disclosure of vulnerabilities and we kindly ask the reporting party to keep the vulnerability confidential until Azena makes a fix available.
Everyone is encouraged to report identified vulnerabilities, regardless of service contracts or product lifecycle status. We welcome vulnerability reports directly from researchers, industry groups, CERTs (Computer Emergency Response Teams), partners and any other source. We respect the interests of the reporting party (anonymous reports are also welcome) and agree to address any vulnerability that is reasonably believed to be related to our products or services. We strongly urge reporting parties to perform a coordinated disclosure, as immediate public disclosure puts our customers’ systems at unnecessary risk.
Please do the following:
Submit your findings to our responsible disclosure program
We kindly ask the reporting party to not share or publicize an unresolved vulnerability with/to third parties.
By following the Azena Responsible Security Disclosure Policy, the S&ST Security Team and associated development organizations will use reasonable efforts to:
Respond quickly and acknowledge receipt of the vulnerability report
Provide an estimated time frame for addressing the vulnerability report
Notify the reporting party when the vulnerability has been fixed
Azena agrees not to pursue claims against reporting parties related to disclosures submitted to us providing the following:
- The reporting party does not cause harm to Azena, our customers, or others.
- The reporting party does not compromise the privacy or safety of our customers or the operation of our services.
- The reporting party does not violate any criminal law.
The reporting party publicly discloses vulnerability details only after S&ST confirms completed remediation of the vulnerability
Azena appreciates the efforts made by the reporting party in identifying the vulnerability and working with us to ensure the safety of Azena customers. We thank you for going out of your way to improve the security and safety of our customers and the Internet community as a whole.