Cozyla coordinated vulnerability disclosure statement
Last updated: 28 Apr 2022
Cozyla is committed to ensuring the security of customers who use our products and services.
Because vulnerability information is relatively sensitive, we strongly recommend that you encrypt any report of a potential security vulnerability to Cozyla with our public PGP key and include the technical details.
- Please use our PGP public key to encrypt any email submissions to us at firstname.lastname@example.org.
- Please provide us with sufficient contact information, such as your organization and contact name, so that we can get in touch with you.
- Please provide a technical description of the concern or vulnerability.
- Please provide information on which specific product you tested, including product name and version number.
- To help us to verify the issue, please provide any additional information, including details on the tools used to conduct the testing and any relevant test configurations.
Software maintenance update strategy
When any vulnerability is identified, the firmware is updated as follows:
- Vulnerabilities identified by users, etc.
- Verify the reported vulnerability.
- The security technology manager and software engineer work on a resolution.
- Perform QA/validation testing on the resolution.
- Release the resolution by OTA.
Security response plan
If a security incident arises, it must be treated as urgent and given the highest priority. The CEO and CTO must be made aware of the incident and participate in incident handling. If the incident is a software maintenance issue, it will be handled according to the “Software maintenance update strategy” process on this page. A meeting should be held immediately to collect information, clarify the circumstances of the incident, and estimate timelines for remediation.
In case you decide to share any information with Cozyla, you agree that the information you submit will be considered as non-proprietary and non-confidential and that Cozyla is allowed to use such information in any manner, in whole or in part, without any restriction. Furthermore, you agree that submitting information does not create any rights for you or any obligation for Cozyla.