IoT83 Vulnerability Reporting & Security Advisories
Product Security Incident Response Team
Product Security Incident Response Team (PSIRT hereafter) is an integral part of the IoT DevSecOps Team.
IoT83’s PSIRT is responsible for receiving, processing, and disclosing IoT83 product and solution-related security vulnerabilities. It is the designated window to release information about IoT83 product vulnerability. IoT83 encourage end-user, partner, supplier, government agency, vendors, industry association, and independent researcher to report potential risk or vulnerability to PSIRT by email.
Reporting Potential Vulnerabilities
In case you discover a potential security vulnerability in IoT83 products, Please direct the email to security.officer@iot83.com and include the following information:
PGP Public Key
Owing to the sensitive nature of vulnerability information, we strongly suggest reporters encrypt using IoT83’s PGP Key.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Keybase OpenPGP v2.0.76 Comment: https://keybase.io/crypto
xsBNBGQQdOUBCACfUXG8FEv/J8XA1C2OgeOT2t97fpNxQ6yhP1d+sQMSPYKZpU/t FniR5/PN5nkj2LBJ6ceVm1xHQxt33QrBGFHvQLs77vG7YxERUVIbb8w796//DeHs f/KLTR09nlcZkuCZBEnGWYt0s4+NGoCfOobTOJhxWBXMjrHSQRcdXX2oH2TbubRx kTNMfHpczgS/6mgmdG5XoX4lQC5mLSTRBt4mkGrhzJnABVy51IjDpk+k6JO/P6N6 nQcpU2Z8czdlBynCJVdRaRyikhQZi2HwKblgcBX0qZ4qaGQqY2rK3VWcqyk+INlX FSRRYrkyjtAFKjXJPcDDzAuwCuAnlEE2U4FBABEBAAHNJU5pc2hhbnQgUHVyaSA8 bmlzaGFudC5wdXJpQGlvdDgzLmNvbT7CwHoEEwEKACQFAmQQdOUCGy8DCwkHAxUK CAIeAQIXgAMWAgECGQEFCQAAAAAACgkQ4Z/hrjZIqhqe3wf7B9KHc4Fdtf1OwchJ wRIM2wut9lhIh9cOA8h3FMsQhaakdEVipt0//6QqPD+nJNVhkj09AW0ZVwG6uSvr NRr9jUXQ2jQr/zHjT94ed41ajrEjZaOnnvnzNMhvFt5p3IsilrdqM8rZ8xD1PFs1 WHFiOLwsc5PYG/jf2x6UilNTx2II5gMNVDiSLJ/7MD959Vol+pXypSnwwQVXsGUt RW8VqC5QDcKpMYHhiJlA4yeYOUuIWlmrEwGO74CdYdKbWkaaUTDyRf6x/icSPMcm 6rZGYLzTPheuMivoWQSNLE1tsRsaon2TZVpQYNv8q8PkmWf4+ZPkmuZVYqF2mt0u p+SmDs7ATQRkEHTlAQgAvzIyps931MyztZwlkyahldc2VwZAfxETcDgqrKUmZZQ7 4nj8RfafEKxHf8AvzCKi2dluDSM03DbGdlXUs7MWzDEGjCwwjC++hxlL7fWnBHrK l2cyhjJhpJhuYkP+Fg1bkkoF34P3u/EikVaqj2EN6CBJ1xFz9A1yUBJBlF2B0aJI 7ht+Mt4jZj+wnUIEFY7oXp7weJUca9QnTfpTVtKHSh6TuUWRwJbSc0ZFm9hn83SA j9+XL61iGTJ0JPqYORnbYH2m+PLe9BrdhcIboq6ECX/JLychV7QOZRk5Q204uUyY 0ZkHcuPWr6AvmzZSUD7gqfnt3S/lDJQljQfUw7czEwARAQABwsGEBBgBCgAPBQJk EHTlBQkAAAAAAhsuASkJEOGf4a42SKoawF0gBBkBCgAGBQJkEHTlAAoJEHzY+gBF Z+FZtDYH/2MqPsfKFAV9Biav0OujCZE8BDtyDJ1s6G9nRHqIwfyU7jUdm/XVHT1T JpUyLafhSaj9xYxSVW30UONhN5BcWFjxj6r70L6lIg77cP5vUKawMUbv8qhZEyZS G3ti+CWhqd3KdTYXjuPUyw0OVknBQpJr26Uryblbwkj9X58V7oarr9HxtjBGXQYq +DjIVH9yoaN9m0b5VoKHQJDIvbL3QnEPW0DuTha35v1h2NSONDfc2pO5U1gdy4ox tgZTUYb6pxqgsjjGOqbw9roZYh57YPIA21pKivuItbEdsHZ829eHgD9upyXB8myF IzizN52QWTMF0/gFlQHpLIsEUMIVxBv6wQf8CVyvYTEmzYEK928ECbwYT5qu7hKW 7kUDjFxN3ve9UGoI5kiYm1mou1TSjuw9eznfKoVe2Kihzzo79yPePqmSq6lQjXl0 JQ2J9ljjXu5LcL1VZBIjLbJZ/5bbgMF+AHuWyP+9DSl7hfbK7ILTFgSrayVKd+4E /mtiAPRYCkFiwZrkmFHRb69TKnBV87mhQq633ofBDSWF2uuFYxKjeIsaBuIXM34V C0BSrymprqi4qdDEUrC6hLWMgmYy+uY66EHC9wg0Y+iBxQctUf/weqltWe99n+tA BW2Fz/Jzt8vu8JihleM5J/zYmitRcc1d2jZIbjjQCQI6nytn8v4v833Hf87ATQRk EHTlAQgAuWE4iy2y5V91zhqe8zospTwtu7rDv+CzwhcUusvi95f32haYH6YSFZh0 paUNAYa22tLK4yfQ4aeQBNgHs0MWENcyYjB+1epj1ZZbLOYgLQqvalmVwaDXvVQr ZQUOAftgSKzVPSGgEDFQVv7LzCCc+sDwshsEJeU13a+O1zOGqq0WZpIKUNGrBToe y/eb7aCE1ly4zXlqgreDP0XcQu341ebFz/Yub/0eSt72u26/OY8EFlvhQPHJpZZw 3e1ayQ72eyU+3hGdDPlgqKr6h8ufC0AXk82pXA8Cta+aBbGSyCQejX1hN5D1+61w 3BrUyE7WjD/JLDjPngv59RNHZ7M+cQARAQABwsGEBBgBCgAPBQJkEHTlBQkAAAAA AhsuASkJEOGf4a42SKoawF0gBBkBCgAGBQJkEHTlAAoJEBPp9Jpl5SrLJwMH/A60 PRk9XnDdnj5vNWH29pq4bw620b3mDNYMLGI/jBTEYTHdGW+Y9sjIqXRXmQkjmUBh nNtZqUNgtgVRUIZ9PZzpSJP75dRRkyf0GW2BKZU0JghkaTgWfW++5aTXN7PHFK8W ZccUG5pmeo/ppS/2UaAUQUn1i5e/Ma1mfN3QmTUzcTgUC4dLOwLM8Leyg7v2XPzo p+VA8LLB+s1k44Dqowpv6tiSgZ/Faj9i5yV2JIu2PIzWl74SeP04U8PBzq4UCVDc 3KuneSj+Mz7hjymQVKbOJVSYiWyT3/HKQdhyblBUZ7KDrz5smPG1SbEipqqeyBVq KP07PxvY1uebYqS8P6tdZQgAmsNMpEKZMQNPn6WUZtbdXWTxbM8lwgZ6sTEbrk3x 02f2HP5JUY+N7MjsdIPUPIFRhNUhLQDakqkQYIka3jrivQ0PGn2RDk3UyG3YfwjB 1/GhmhHi0VG4z9bFbXpxX11USI1056mnukh3rsowT829ijyuZJ/gFNlA6Ye07Ego qQMkKkyGP8ot8XmHFLgWZ7Sk/0I24Hg14x2BXqkkhA7rsc0UzUMHi3UPnr7YKNVZ Zvvy1/XTrbiQ1nBFor/8YVjaVRGF+VhYXyhE6a/+Apu4D8GAZk4MQbT7qC0y/YOm tlrGkOtPjjPIHtdcPyzT4DcXSYfaQ4j3U1inCyZ6oFt2pw== =GF13
-----END PGP PUBLIC KEY BLOCK-----
IoT83’s Vulnerability Handling Process
- The IoT83 Security team reviews the issue and evaluates its potential impact.
- If the issue is not related to security then it will be moved to IoT83 DevOps and Delivery Team.
- The IoT83 security team works on the issue to provide a solution and track all details of the problem until the next version of the Platform/Product is out.
- Security team tries to reproduce the issues in various scenarios for internal testing.
- Security team then requests CVE identifiers for the security issue.
- Clients with valid License/support agreements are emailed, giving a period of time when it is possible to upgrade before the issue becomes known to the public.
- A public announcement for the community is made on the Website.
IoT83 Security Advisory
Terms & Conditions
By submitting reports about vulnerabilities, security threats, and/or workaround proposals (hereinafter referred to as “Vulnerability Report”) to IoT83 Ltd or its affiliates. (hereinafter “IoT83”):
- By agreeing to these terms, you authorize IoT83 to utilize any Vulnerability Reports provided by you to enhance and update its software, products, or services. You also grant IoT83 a non-exclusive, perpetual, irrevocable, worldwide, royalty-free license and the right to sublicense to IoT83 licensees and customers to utilize, publish, and disclose such Vulnerability Report in any manner it sees fit. This includes displaying, performing, copying, creating, utilizing, selling, and disposing of IoT83 and its sub-licensees’ software, products, or services that include the Vulnerability Report via any media without needing to reference the source. IoT83 is entitled to use the Vulnerability Report for any purpose without restriction or compensation.
- You also agree to test IoT83’s software, products, or services while ensuring that the safety and privacy of others are not compromised. You will seek permission from IoT83’s customers or users before performing any vulnerability testing on their devices or software.
- Moreover, you commit yourself to refrain from any activity that could harm IoT83, its customers, users, or employees. You agree to keep the Vulnerability Report and all information about IoT83’s software, products, or services’ threats and vulnerabilities confidential and not disclose them to any third party without IoT83’s prior express consent. You must also avoid and prevent any potential impact on the safety or privacy of anyone.
- Additionally, you agree not to engage in any activity that violates the laws or regulations of any country where data, assets, or systems reside, data traffic is routed, or where you are conducting research activity. Finally, you agree to comply with all applicable software license requirements and adhere to applicable laws.
