Responsible Disclosure Policy

STRATIS cares very deeply about maintaining the trust that our customers and users place in us. Therefore, we take the security of our products very seriously. If you are a security researcher and have discovered a vulnerability in our web site or products, we appreciate your help in disclosing this to us in accordance with this Responsible Disclosure Policy.

Guidelines

Responsible Disclosure helps increase security for affected organizations and the community as a whole. Please follow the guidelines below:

  • Don’t disclose a bug or vulnerability on public notice boards, mailing lists or other public forums, prior to Responsible Disclosure and an appropriate opportunity for it to be fixed
  • Do not utilize an exploit to view data without authorization, or compromise the confidentiality of the data
  • Do not perform an attack that would impact the reliability / availability of services. DDoS/Spam attacks are not allowed
  • Don’t use scanners or automated tools to find vulnerabilities. They can have unintended consequences or impact
  • Never attempt non-technical attacks, such as social engineering, phishing or physical attacked against our employees or infrastructure

How to Report an Issue.
If you believe you have discovered a vulnerability in our software, gateways, or websites, please contact security@stratisiot.com. Please do not publicly disclose suspected vulnerabilities without prior written consent from STRATIS.

In reporting vulnerabilities, please send details of:

  • Suspected vulnerability
  • Steps to enable us to reproduce the issue
  • Your email address and secure mechanism to contact you
  • Your name (and/or colleagues) if you would like to be recognized on this page, e.g., your twitter handle or website as it should be displayed
  • You can use the PGP public key below to encrypt your email communication to us. Please include a secure contact mechanism for us to contact you

The STRATIS security team commitment:
We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the STRATIS security team and associated development organizations will use reasonable efforts to:

  • Respond in a timely manner, acknowledging receipt of your vulnerability report
  • Provide an estimated time frame for addressing the vulnerability report
  • Notify you when the vulnerability has been fixed

We are happy to thank every individual researcher who submits a vulnerability report helping us improve our overall security posture at STRATIS.

Response and Recognition.

To acknowledge the first person who alerts us to previously unknown vulnerabilities, we will show our gratitude by placing their name in the Acknowledgements list below. We do not offer a bug bounty program at this time and compensation requests will not be considered in compliance with this Responsible Disclosure Policy.

Acknowledgements.
STRATIS thanks the following individuals and organizations that have identified vulnerabilities in accordance with this Responsible Disclosure Policy:

  • B.Dhiyaneshwaran, https://www.linkedin.com/in/dhiyaneshwaran-b-27947a131/
  • Swapnil Vijay Maurya, https://www.linkedin.com/in/swapnil-m-545b2010a/
  • Pethuraj M, https://www.linkedin.com/in/pethu/
  • Mahendra Purbia, https://in.linkedin.com/in/mahendra-purbia-185b44186
  • Sahil R Kataria(SRK),  https://twitter.com/Sahilkataria200?s=08
  • Vasantha Kumar.S.P.,  https://www.linkedin.com/in/vasanth-kumar-417a7a32/
  • Vanshit Malhotra, https://twitter.com/vanshitmalhotra
  • Vasantha Kumar S.P. Infoziant https://www.linkedin.com/in/vasanth-kumar-417a7a32/ / https://www.infoziant.com
  • Prateek Thakare, https://www.linkedin.com/in/prateek-thakare-027584158/
  • Sureshkumar Anbazhagan, https://www.linkedin.com/in/suresh-kumar328617145

 

PGP Key:

—–BEGIN PGP PUBLIC KEY BLOCK—–

mQINBFyGZJ8BEADVZUPTvnp37GMrQCFbLLGUFPjwOY9Rc9/7vOC8NKgM+HI/Bpkj
1aPDnWSGqjKf2duHwtdcVRIvDSKiCPE4Ro4Nwqtv7I1mwomwSj/Zrku7H1/7op6W
LvMuBB21rlXguLhXMKbLHp8TSVh5e+b8F7FB8JbgBBC54tRcRqK+7FXCPTMXwC2F
HLXzqUKNbNr1PPxixJ6x8hLw24MoIqUEg7ZFDvz8XTkltg3J0xjqaxT2lr9SB0yP
mJtggHih7dPpab8cBHiMov9P+Z3a/JVY7h/RJ8yfzCtafIRPpqYO+01hzR/pJln0
+QUV5jxSbVKxW4DWcx+UgddUqxPmCPNbDDqCQzBefEGuo/bQZYqJKSziuccTtOx9
XuyBpk+DrO7GtQIcyw68WpAw/7Uh97gXAMJbAcQTHJ9fp/7ITM+TthiuKQuvjopX
6ICrDXbswFjAGUmgZv8DNko1fGZNQBPTEMKVcdr77aafqtfAuA75Sv+3bJ4wZNiz
BhmiZdISfEKBOdmSp7Hm6FBH0CVnWXDuuuLHlaMLisAJjvGREUd8Zo+n2njUHSQT
CzHCmlful0v3dHvWqSzA/m4EawIDBqWi2myFZLAy66JgNYkZefaZ3aT+hVvjLfVd
xv1rAEXPSjzj/FUT8QR8pz2gfA8nfLDGM7JI27u1Foa9JCXCxz7sIvlLJQARAQAB
tENTVFJBVElTIElvVCwgSW5jLiAoU1RSQVRJUyBTZWN1cml0eSBUZWFtKSA8c2Vj
dXJpdHlAc3RyYXRpc2lvdC5jb20+iQJOBBMBCgA4FiEERB4yKGPePhj7li2GtvhR
BYy/TJQFAlyGZJ8CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQtvhRBYy/
TJSIAw//UltMuI0wsjBtg1Ik4pdx9LBeXl7kIrUre43NKva0ddbKI/yrvGzHeqiH
s3SRcouBZwrNqg6BQpK2uvZw71C4/pXQC/QVBN99uEZebuwKYKND1HS7El7E8guA
C/EGUnPc+D9+asg4dkWH/UJzsjXdpSUYopP2w3GIblEL7jpa55rOx8fTBPh/Q8i5
rygB8Q/wxsKQDA+9XS8mmTRBEai/jhmVIOQpI1xQ4tJL6/r1kDlBNn8P3MUrovw8
gXNanNaHk/qbk31/7lgXcGvNA3r10VjcH/7LSwtz9Ywt+/EdL8S8GeRbdhZfpQQY
SNo4b00IF9iaDsQ7iJXNiFsqMjR+cQoWeJfXyd9KoxYA0q9Ibj8io/DIKotbTsP9
KNEYO2+c76TgqGirMqqEiT/YScl8N4SJCKrn+cTzXdMro8vrQ3+gAwSxsUqNU1LI
/sDqvubrXIoVf4QRg7Uob5A2u5AUWDlW8gP2tUgecaCd6kKP6UP/Ielvcgl/QF63
vONhDz5+3tY1FPbkU5BvNFTDj2sup58RBvl3IIP4ncSioevPxqUzUdj0hMbNnVVk
1Mjd86FuVQRLWUjqbd4y67WyVizgLIh1DMitW1EjlYHzHp/yGKfJW8UjTBZOdaYP
bFgAgaNRbXvfkbZt5wetWzvKnft263khmT5f4xWP4ZgxKFlNtRK5Ag0EXIZknwEQ
ALZ5GKm2RpaRO1B0SEDtyG1wginWrHeL5hxV6I6qjVHvh/wgvC1aAzvTQnaie+Dh
9+RYvx1j8vAfSOeHUdZKCPWGdaTyMVd6VTmgRwSsDxNEuxC7k6JmIJlbI/81csX/
LRRI3/sh2A4NGU3jBru4A/1cz6vfyihi092GjL5tU/y6JMBOe4NygSqhw0CzJql1
djaMoUaEc/BSPIVpd68NUYmIsBMVaoS3Ne8HGH0SvhzIbux8kqMFdWKMdnuvyTAV
vog1gGlFMJohICvF31s9d9mi51HzyWOj1c0aGiVV/HQfp8Lpi2j7ij0c00tPEkuu
Uu3OF2rz9PZDkiWDXGsJggPMspmNE9uN0lHwb+xj3DUNb96BZ79Q2Zlc6FhpVwAY
rzTHItUXBcjYBBBl3GJ53D2ozXImjv31g9sVh8Xx+9AIGS3uK/YAnnhP+bwDTdY8
qITm6SXkzwPlnPGv3923/qc7JrZvIMj1m/n9L/wzx6Om4PtyFROPbbL03owX+2sU
BLsSj1oa8etJ2Dfr0ChnjuyWeJMhQShlALDh2nvsZUfLzK6JahnWVaPyxsIf26zX
zLS4dKKYD1X6pYQoD6dWit23BKmooNkHofkc+NS5YgBDzG149TYnYJ+kqXvGFyCJ
0fQy0Av4IqBX7xtx8CXiM5l8UqcbrSLZbOjS7LpM/UyNABEBAAGJAjYEGAEKACAW
IQREHjIoY94+GPuWLYa2+FEFjL9MlAUCXIZknwIbDAAKCRC2+FEFjL9MlGRJD/45
C45//U1l3iZPI2KhXMx2kJv6ZwLEQb0+Nu0xZ/wqcjxD7iyMxClR7Ubm3i7/6SjE
QsFPkX9CpJwuIeZesw6cJ19qVaGMH2wuw6GoRzf7gzpcNwLPHUjnQzaYimiTZAm9
0DZcJh0PnxZOVPiPUeS4bwixa69NIQYOWrNaMHzvsug1Rc3Ucws3vei7DXR4SyFI
uTmgaJ5fHMx7SdwQTyvQktSt0y7mGUtwHpO5egVpLi67GFOCQejgoySwts/IBfxD
bTeWG/1IZ9GOfyr2eRaFbcpfxki5F9ifvd37jdyL7klNoYHFXszGbTbe0GLTSX8B
dyUXZI0fKgzsrqC+eK4x9nz+ibH1WBnNscPBWaF+ddGDxpYvHDgXBCK3BmDSumR0
a3LYfEZ5D/k+tTHetIFXju8BIbriuQ78VDmq2fsAn6GZP9tYt1Tj0RSzc21BTdLg
82DnnwjVZJ4p8Ey0VZvbVd1FiUejO4dWB7dEbOwzTYA3u90cG08jLda0z2730cKZ
CHZmZv00D/nQ5hc6Y+e2jsF7t/U2p2mgE1NKJFm1od92Bo/C67v/IfUJ9T3BXdaq
rEgevMsvaNa8NBvanbngt3kLtB5oiYXl2+g3hUlJkAiFTwItZhPToopFEUexhOHK
nfCJYHnyOTrBNhSvzdvLNWM7YiJlja6L0gHz6/NH1w==
=YoSq
—–END PGP PUBLIC KEY BLOCK—–