cascoda-sdk

Security Policy

Vulnerability Disclosure Policy

Cascoda is committed to addressing and reporting security issues through a coordinated and constructive approach designed to provide the greatest protection for our customers, partners, staff and all Internet users.

A security vulnerability is a weakness in our systems or services that may compromise their security. This policy applies to security vulnerabilities discovered anywhere by both Cascoda staff and by others using Cascoda services. The responsibility for this policy is with the senior management team of Cascoda who will review it on an annual basis. All day-to-day staff must follow this policy and will receive regular training on how to follow it.

Reporting vulnerabilities

If you believe you have discovered a vulnerability in one of our services or have a security incident to report, please email security@cascoda.com. Please supply the following information:

Once we have received a vulnerability report, Cascoda takes a series of steps to address the issue:

  1. We will provide prompt acknowledgement of receipt of your report of the vulnerability
  2. We request the reporter keep any communication regarding the vulnerability confidential
  3. We will work with you to understand and investigate the vulnerability
  4. We will provide a timeframe for addressing the vulnerability.
  5. We will notify you once the vulnerability has been resolved, to allow retesting by the reporter if needed.
  6. We publicly announce the vulnerability in the release notes of the update. We may also issue additional public announcements, for example via social media.
  7. Release notes (and blog posts when issued) will include a reference to the person/people who reported the vulnerability, unless the reporter(s) would prefer to stay anonymous.

Cascoda will endeavour to keep the reporter apprised of every step in this process as it occurs.

We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our services, and better protect our customers. In line with general responsible disclosure good practice, we ask that security researchers:

When reporting a vulnerability:

Supported Versions

The latest version of the SDK is supported for security updates. See the release page

End of Life

All SDK features are supported. SDK feature depreciation will be announced 6 months in advance. No features have deprecation announcements.

Known vulnerabilities

No known vulnerabilities.

Text copyright The IASME Consortium Ltd. 2020 Modifications copyright Cascoda Ltd. 2020 Licensed under Creative Commons BY-SA license https://creativecommons.org/licenses/by-sa/4.0/

Applies to sections: