Security Vulnerabilities Policy Statement
As a provider of connectivity solutions for mobile, branch, and IoT, Cradlepoint recognizes the importance of security and privacy for our customers, partners and employees and takes security issues very seriously. As such, we are committed to reporting and addressing security issues in a timely and proactive manner in order to offer the greatest level of protection. Whether you’re a user of Cradlepoint solutions, a Cradlepoint employee, a software developer or a security specialist, you’re an important part of this process and Cradlepoint is committed to a transparent process in how it reacts to potential vulnerabilities.
The Cradlepoint vulnerability process flow can be read here, with the key points being:
- Cradlepoint is committed to communicating and working in a timely manner for any reported security vulnerability from an employee, customer, partner, or outside party.
- Cradlepoint recommends submitters of vulnerabilities to follow our responsible disclosure process to minimize the risk to all customers and users of our technology.
- To submit a vulnerability send an email to firstname.lastname@example.org with the following information:
- Product and NCOS versions
- Steps taken to expose vulnerability
- Contact information and preferences
- Copies of screen shots, code snippets, logs that might be helpful
- Cradlepoint follows a responsible disclosure process for communicating vulnerabilities. As such we will first privately notify customers and partners before any public disclosure in order to minimize risk to customers from exploitation of vulnerabilities. The private disclosure includes details for the risk, severity, remediation steps and/or fixes.
- The method for publicly disclosing vulnerabilities may vary, but will include a post to the Cradlepoint Trust Page and may include email or in-product alerts to affected users.
- Questions about the Cradlepoint vulnerability notification policy as well as other security related issues can be sent to email@example.com.