Disclosure Policy

Last update: Mar-07-2016

Vendors responsible for fixing security defects uncovered in a result of our research are issued the so called vulnerability notices containing brief (though sufficient) information about vulnerabilities identified in their products. From that moment, internal security and engineering teams of a given vendor can start their work aiming to fix reported issues.

Security Explorations does not send vulnerability information to the licensees of a given technology. Only original vendors of the affected technology or software are provided with brief vulnerability information.

Security Explorations starts informing vendors and public on the same day about identified security threats. The public is notified about the existence of a given security weakness, vendors are provided with its brief details.

The public can monitor the status of vendor activities with respect to the fixing of reported issues through our web pages corresponding to the target research project.

In case of acquiring or discovering information indicating that certain security issues had been fixed or cannot be exploited anymore, Security Explorations reserves the right to publish additional details about such issues.

Security Explorations may publish Proof of Concept codes for security vulnerabilities and attack techniques discovered by the company at any time after or in parallel with their technical details disclosure.

Issues already reported to the vendor, which were improperly fixed are not a subject to this policy. They are publicly disclosed without any prior notice.

Any legal threats coming from vendors are immediately announced by us in the legal threats section of our website.

Copyright 2008-2017 Security Explorations. All Rights Reserved.