{"id":11497,"date":"2022-12-22T09:36:40","date_gmt":"2022-12-22T16:36:40","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?page_id=11497"},"modified":"2023-03-10T10:03:19","modified_gmt":"2023-03-10T17:03:19","slug":"disclosure-policy","status":"publish","type":"page","link":"https:\/\/10.42.32.162\/disclosure-policy\/","title":{"rendered":"Disclosure Policy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"11497\" class=\"elementor elementor-11497\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7dbf405 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7dbf405\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0a37fce\" data-id=\"0a37fce\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-d934ff4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d934ff4\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-99d2822\" data-id=\"99d2822\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-956ab38 elementor-widget elementor-widget-image\" data-id=\"956ab38\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"640\" height=\"798\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/disclosure-821x1024.png\" class=\"attachment-large size-large wp-image-15823\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/disclosure-821x1024.png 821w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/disclosure-240x300.png 240w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/disclosure-768x958.png 768w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/disclosure-1231x1536.png 1231w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/disclosure-1641x2048.png 1641w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-589388e\" data-id=\"589388e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c34bbb5 elementor-widget elementor-widget-heading\" data-id=\"c34bbb5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-xxl\">Disclosure Policy<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-aaf89f4 elementor-section-stretched elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"aaf89f4\" data-element_type=\"section\" data-settings=\"{&quot;stretch_section&quot;:&quot;section-stretched&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5f19f91\" data-id=\"5f19f91\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f124da5 elementor-widget elementor-widget-spacer\" data-id=\"f124da5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6e963872 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6e963872\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2c220f31\" data-id=\"2c220f31\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-176944c elementor-widget elementor-widget-heading\" data-id=\"176944c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Our Values<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5862cd6 elementor-widget elementor-widget-text-editor\" data-id=\"5862cd6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Securin, Inc. (Securin) as a security service provider and research organization strongly believes that a constructive and coordinated disclosure is the best approach to address and fix a vulnerability. We also believe that these contributions to the security community will be helpful to reduce attack surfaces or vectors against diverse and ever changing threats.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-df40c2b elementor-widget elementor-widget-heading\" data-id=\"df40c2b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Scope<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-adfbdc1 elementor-widget elementor-widget-text-editor\" data-id=\"adfbdc1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Securin vulnerability disclosure policy applies to any third party vendor products to whom Securin will assign the CVEs for vulnerabilities, if the product is not a part of another CVE Numbering Authority (CNA) scope.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0364d87 elementor-widget elementor-widget-heading\" data-id=\"0364d87\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Policy<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8e1924e elementor-widget elementor-widget-heading\" data-id=\"8e1924e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h6 class=\"elementor-heading-title elementor-size-default\">Once a security issue is found the following steps will be taken by Securin to notify the respective parties to fix it.<\/h6>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3e482c1 elementor-widget elementor-widget-text-editor\" data-id=\"3e482c1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul>\n \t<li>Once we have confirmed the vulnerability, we will gather all the necessary information to communicate the details to the affected party.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n\n \t<li>Securin will try to establish initial contact with the affected vendor via email regarding the vulnerability with all the supporting documents.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n \t<li>If we don\u2019t receive a response from the vendor within seven days of sending the mail, another reminder will be sent. If the vendor did not respond or refuses to acknowledge the vulnerability within 14 days from initial contact, Securin will publicly disclose the vulnerability.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n \t<li>If we receive a response from the vendor, we will notify them about the date of the vulnerability disclosure that we have set.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n\n \t<li>The vendor will be allowed 90 days to provide a patch or relevant fix for the issue. If provided, then the vulnerability will be disclosed immediately following the vendor\u2019s patch or fix release.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n\n \t<li>If a fix is not provided within the 90 day period and no response is received from the vendor, then we will go ahead and disclose the vulnerability on the afford-mentioned date.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n\n \t<li>In the event that the vendor is unable to provide a fix within the deadline, but has communicated Securin regarding the same, then the deadline could be adjusted. A maximum of six months of coordination will be given to the vendor for fixing the vulnerabilities. After that the vendor will be informed and the vulnerability will be disclosed regardless of the fix.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n\n \t<li>The 90-day deadline mentioned above is not a hard deadline. Securin can shorten or lengthen the deadline based on certain criteria like the severity of the vulnerability, ease of exploitation, etc.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n\n \t<li>Until the completion of the disclosure process, Securin will maintain confidentiality of any communication to and from the vendor. However, we will disclose the vulnerability to the public irrespective of the vendor\u2019s support or not.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n \t<li>All the CVEs assigned by Securin and its vulnerability disclosures can be found in the <a href=\"https:\/\/webdev.securin.xyz\/zero-days-list\/\">Securin Zero Days List<\/a>. Only the advisories present in the security advisory will be considered as official documents.<\/li>\n<\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7a7699f elementor-widget elementor-widget-text-editor\" data-id=\"7a7699f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><strong>Securin is always open to feedback and suggestions. If you would like to contact us, please feel free to email at <a href=\"mailto:disclose@securin.io\">disclose@securin.io\u00a0<\/a><\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Disclosure Policy Our Values Securin, Inc. (Securin) as a security service provider and research organization strongly believes that a constructive and coordinated disclosure is the best approach to address and fix a vulnerability. We also believe that these contributions to the security community will be helpful to reduce attack surfaces or vectors against diverse and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"content-type":""},"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/pages\/11497"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/comments?post=11497"}],"version-history":[{"count":59,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/pages\/11497\/revisions"}],"predecessor-version":[{"id":16131,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/pages\/11497\/revisions\/16131"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=11497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}