SALTO WECOSYSTEM
Help and Support

Choose your location and language settings

Singapore

|

English

Global

Germany

Switzerland

United Kingdom

Ireland

France

Netherlands

Belgium

Spain

Portugal

Italy

Russia

Poland

Czech Republic

Denmark

Sweden

Norway

Finland

USA

Canada

Mexico

Colombia

Chile

China

Korean

Singapore

Hong Kong

Vietnam

Japan

Australia / New Zealand

UAE

Saudi Arabia

South Africa

India

Security

Responsible Vulnerability Disclosure Policy

We take the security of our systems seriously and we welcome feedback from security researchers in order to improve the security of our products and services.

We require that all researchers take into account the respect for the law. Vulnerability scanning could not serve as a pretext for attacking a system or any other target. Several actions must be avoided. For example:

  • Using social engineering
  • Compromising the system and persistently maintaining access to it
  • Changing the data accessed by exploiting the vulnerability
  • Using malware
  • Using the vulnerability in any way beyond proving its existence. To demonstrate that the vulnerability exists, the reporter could use non-intrusive methods. For example, listing a system directory
  • Using brute force to gain access to systems
  • Sharing vulnerability with third parties
  • Performing DoS or DDoS attacks

Keep information about any vulnerabilities you’ve discovered confidential between yourself and Salto Systems until we resolve the issue.

Send an email to securityalert@saltosystems.com if you have identified any issue that potentially can affect the security of our products or services.

We invite ethical hackers to discover vulnerabilities through our Bug Bounty Program on Intigriti. 

We strive to acknowledge receipt of your vulnerability report within 7 business days and to complete the triage process within 14 business days. Throughout the process, we will keep you updated on our progress and the completion of any remediation efforts through our bug bounty program.

If additional information is needed, we may reach out to you for clarification. The remediation of reported vulnerabilities is prioritized based on factors such as impact, severity, and exploit complexity. Given these considerations, some reports may require additional time for triage or resolution. You are welcome to check in on the status; however, we kindly request that you do so no more than once every 14 days to allow our teams to focus on remediation activities. 

In addition, for some of our products, we're inviting ethical hackers to find vulnerabilities through our Bug Bounty Program on Intigriti.  

Get rewarded for making us stronger! Sign up here.