Responsible Disclosure

STRATIS cares very deeply about maintaining the trust that our customers and users place in us. Therefore, we take the security of our products very seriously. If you are a security researcher and have discovered a vulnerability in our web site or products, we appreciate your help in disclosing this to us in accordance with this Responsible Disclosure Policy.

Guidelines

Responsible Disclosure helps increase security for affected organizations and the community as a whole. Please follow the guidelines below:

  • Don’t disclose a bug or vulnerability on public notice boards, mailing lists or other public forums, prior to Responsible Disclosure and an appropriate opportunity for it to be fixed
  • Do not utilize an exploit to view data without authorization, or compromise the confidentiality of the data
  • Do not perform an attack that would impact the reliability / availability of services. DDoS/Spam attacks are not allowed
  • Don’t use scanners or automated tools to find vulnerabilities. They can have unintended consequences or impact
  • Never attempt non-technical attacks, such as social engineering, phishing or physical attacks against our employees or infrastructure

How to Report an Issue.
If you believe you have discovered a vulnerability in our software, gateways, or websites, please contact security@stratisiot.com. Please do not publicly disclose suspected vulnerabilities without prior written consent from STRATIS.

In reporting vulnerabilities, please send details of:

  • Suspected vulnerability
  • Steps to enable us to reproduce the issue
  • Your email address and a secure mechanism to contact you
  • Your name (and/or your colleagues' names) if you would like to be recognized on this page, e.g., your Twitter handle or website, as it should be displayed
  • You can use the PGP public key below to encrypt your email communication to us. Please include a secure contact mechanism for us to contact you

The STRATIS security team commitment:
We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the STRATIS security team and associated development organizations will use reasonable efforts to:

  • Respond in a timely manner, acknowledging receipt of your vulnerability report
  • Provide an estimated time frame for addressing the vulnerability report
  • Notify you when the vulnerability has been fixed

We are happy to thank every individual researcher who submits a vulnerability report that helps us improve our overall security posture at STRATIS.

Response and Recognition.

To acknowledge the first person who alerts us to previously unknown vulnerabilities, we will show our gratitude by placing their name in the Acknowledgements list below. We do not offer a bug bounty program at this time and compensation requests will not be considered in compliance with this Responsible Disclosure Policy.

Acknowledgements.
STRATIS thanks the following individuals and organizations that have identified vulnerabilities in accordance with this Responsible Disclosure Policy:

PGP Key:
