Skip to content
 

Vulnerability Disclosure Policy

At Dejero, security is fundamental to our mission-critical connectivity solutions. Our Vulnerability Disclosure Policy reflects our commitment to transparency, continuous security improvement, and collaborative partnerships with the security research community. We welcome and value vulnerability reports for any of our products or services.
View alerts Explore resources

Scope

This policy covers all Dejero products, services, and infrastructure including:

1. Hardware devices
2. Software and firmware
3. Cloud services & web apps
4. Network infrastructure & APIs

How to submit a vulnerability report

To report a vulnerability to Dejero’s Product Security Team, please use our PGP-encrypted communication channel:

Email: security@dejero.com
Encryption: Use our PGP public key to encrypt your report

Required Information
Please include the following details in your vulnerability report:

Vulnerability Details:

  • Clear, step-by-step reproduction instructions
  • Proof-of-concept code or demonstration (if applicable)
  • Screenshots or video demonstrating the issue
  • Assessment of potential impact and risk level

Environment Information:

  • Dejero product models and serial numbers
  • Software versions (Dejero and third-party)
  • Network configuration details
  • Operating system and browser information (if applicable)

Research Details:

  • Discovery methodology and tools used
  • Timeline of discovery
  • Your PGP public key for secure communications
  • Suggested remediation approaches (optional)

Our commitment to you

Response timeline:

  • Initial Response: Within 2 business days of receipt
  • Triage Completion: Within 5 business days
  • Status Updates: Regular updates throughout the process

What you can expect:

  • Transparent Communication: Clear timelines and regular status updates
  • Professional Collaboration: Open dialogue and technical discussion
  • Progress Notifications: Updates at each stage of our security review process
  • Recognition: Acknowledgment for responsible disclosure (with your permission)

Our review process:

  1. Initial Triage – Vulnerability assessment and classification
  2. Technical Analysis – Detailed security impact evaluation
  3. Remediation Planning – Solution development and testing
  4. Deployment – Coordinated release and customer notification
  5. Disclosure – Public disclosure (if applicable)

Legal safe harbor

Dejero commits to not pursue legal action against security researchers who:

  • Act in good faith and follow this disclosure policy
  • Make reasonable efforts to avoid data destruction or service disruptions
  • Do not access, modify, or delete data beyond what is necessary to demonstrate the vulnerability
  • Do not publicly disclose vulnerabilities until coordinated disclosure is agreed upon

Current information

  • Current Version: 2025.1
  • Last Updated: January 15, 2025
  • Next Review: January 2026

Version history

  • 2025.1 (January 15, 2025) – Major revision with enhanced guidelines, expanded scope, and improved process transparency
  • 2021.1 (December 10, 2021) – Initial version

Ready to build with secure connectivity?

Security isn't just a feature—it's foundational to mission-critical operations. Organizations that partner with security-focused vendors experience greater operational resilience and faster compliance achievements.

Talk to an expert See it in action