Vulnerability Disclosure Policy

Updated September 2022

How to Report a Potential Vulnerability

If you would like to report a potential vulnerability or have a security concern regarding VNTANA products and services, please email support@vntana.com.

Once your report has been received and reviewed, we will work to validate the reported vulnerability or security concern and will reach out to you if additional information is required.

What we would like to see from you

To help us validate potential findings and determine a remediation, the vulnerability or security concern report should:

• Describe the vulnerability or security concern, how/where it was discovered, and the impact.
• Reports from automated tools and software are not considered a valid report.
• Offer a step-by-step overview needed to reproduce the vulnerability or security concern (screenshots and videos are preferred).
• Please only include one vulnerability or security concern per report (unless vulnerabilities or security concerns are related).

The VNTANA security team commitment

We request that any unresolved vulnerabilities or security concerns are not shared or publicly discussed with third parties. If you correctly submit a vulnerability report, the VNTANA security team and any other relevant parties will use all commercially reasonable efforts to:

• Respond in a timely manner, acknowledging receipt of the report.
• Provide an estimated time frame for addressing report or concern where possible.
• Communicate to you when the vulnerability or security concern has been addressed or remediated.

Safe Harbor

Any activities conducted in accordance with this policy will be treated as authorized conduct, and VNTANA will not initiate legal action against you. Should there be legal action initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in accordance with this policy.