At Estech, we value the security and privacy of our customers' data and systems. We believe in fostering a collaborative environment where ethical hackers and security researchers can help us identify and address potential vulnerabilities in our products and services. We appreciate the contributions made by the security community to enhance the security of our offerings. If you have discovered a security vulnerability in any of our systems, we encourage you to report it to us responsibly, following the guidelines outlined in this Responsible Disclosure Statement.
Guidelines for Responsible Disclosure
- Report the Vulnerability: If you believe you have found a security vulnerability in any of Estech's products, services, or systems, please promptly report it to our dedicated security team by sending an email to responsibledisclosure@esi-estech.com.
- Provide Sufficient Information: When submitting a vulnerability report, please include all relevant details that would help us reproduce and understand the issue. This may include, but is not limited to, the affected product or service, a detailed description of the vulnerability, and any proof-of-concept or steps to reproduce the vulnerability.
- Act in Good Faith: We request that you make every effort to avoid any actions that could harm Estech or our users. Only perform actions that are necessary to identify and report a vulnerability, and refrain from accessing, modifying, or deleting data without explicit permission.
- Keep Information Confidential: We understand the importance of responsible disclosure. Therefore, we ask you to keep any information related to the reported vulnerability confidential until we have acknowledged and resolved the issue. We will make every effort to address the vulnerability in a timely manner.
- No Unauthorized Disclosure: Do not share any information about the vulnerability or any personal data you may have accessed during your investigation with any third parties.
- No Exploitation or Disclosure: Do not exploit or disclose the vulnerability to others before it has been resolved. Allow us a reasonable amount of time to investigate and remediate the issue.
- Non-Destruction of Data: Do not delete or modify any data you may have encountered during your investigation. Only access the minimum amount of data necessary to demonstrate the vulnerability.
What You Can Expect From Us
- Acknowledgement: Once we receive your vulnerability report, we will acknowledge its receipt within a reasonable time frame.
- Investigation: Our security team will conduct a thorough investigation of the reported vulnerability to validate its existence and impact.
- Communication: We will keep you informed about the progress of our investigation and the steps we are taking to address the reported vulnerability.
- Resolution: If the vulnerability is confirmed, we will work diligently to develop and deploy an appropriate solution within a reasonable timeframe.
- Recognition: Estech appreciates the importance of your contribution to our security efforts. If you are the first person to report a specific vulnerability and it is confirmed, we may recognize your contribution at our discretion.
Legal Considerations
Estech acknowledges that, in some jurisdictions, vulnerability research and reporting may be subject to legal restrictions. We commit to handling all reports in good faith and will not initiate legal action against you if you comply with the guidelines mentioned in this Responsible Disclosure Statement.
By reporting a vulnerability to Estech, you agree to comply with the guidelines outlined in this statement and acknowledge that Estech reserves the right to update or modify this statement at any time.
Thank you for your commitment to responsible disclosure and your dedication to helping us improve the security of our products and services. We appreciate your cooperation.
- ESI Security Team
Published in July 2023
