Vulnerability Disclosure Policy

The Dejero Vulnerability Disclosure Policy reflects our corporate values, to promote improved security, and to foster open collaboration. We welcome vulnerability reports for any of our products or services.

How to Submit a Vulnerability

To submit a vulnerability report to Dejero’s Product Security Team, please use the PGP key (provided below) to send a PGP encrypted email to security@dejero.com.

What we would like to see from you:

• The details of the vulnerability including:
  • A list of clear, detailed steps to reproduce.
  • Any required tools and/or source code.
  • The models and serial numbers of any Dejero hardware used.
  • The versions of the software used, including both Dejero software and any third party software used in the reproduction.
  • Any logs from tools that would help to diagnose/reproduce the vulnerability.
• Your PGP key so that we can securely exchange emails with you.
• Please include how you found the bug, the impact, and any potential remediation.

What you can expect from us:

• A timely response to your email.
• After triage, we will send an expected timeline, and commit to being as transparent as possible about the remediation timeline as well as on issues or challenges that may extend it.
• An open dialog to discuss issues.
• Notification when the vulnerability analysis has completed each stage of our review.

Dejero’s PGP public key:

Download Dejero’s PGP public key here.

This document version 2021.1 was created December 10, 2021. Any updates will be noted below in the version notes.

Version History

2021.1 (December 10, 2021)

• Initial version