Responsible Disclosure Policy
1. Introduction
No technology is perfect, and Irdeto believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you’ve found a security issue in our solutions, we encourage you to notify us and welcome working with you to resolve the issue promptly.
1.1. Purpose
The purpose of this policy is to record the procedures of Irdeto concerning communications with the media and security professionals in order to avoid selective or unlawful disclosure of non-public information.
The details contained in this policy represent a summary of the legal and regulatory provisions relating to the disclosure of information. It should therefore not be used as a substitute for specific legal advice.
1.2. Scope
This responsible disclosure policy applies to customers or guests, namely any person who accesses or registers on the Irdeto platforms.
2. Policy Statement
a) Irdeto aims to keep information and data secured from unlawful disclosure or access.
b) If you are a security researcher and have discovered a security vulnerability or a suspected security vulnerability in any of our services, we appreciate your help in disclosing it to us in a responsible manner.
c) You can assist us by:
- Ensuring that the vulnerability is not publicly disclosed
- Only using the web form to report vulnerabilities
- Never contacting Irdeto staff directly or through any channels other than this web form
- Keeping communication channels open to allow effective collaboration
- Providing sufficient information to allow us to resolve the issue as quickly as possible
d) We will validate, respond to and potentially rectify vulnerabilities disclosed in accordance with our commitment to security and privacy.
e) Irdeto will not take legal action or suspend or terminate access to services of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy.
f) Irdeto reserves all its legal rights in the event of any non-compliance.
3. Testing
In no event are you permitted to access, download or modify data residing in any other account but your own.
You are also prohibited from:
- Executing or attempting to execute any denial-of-service attacks
- Knowingly posting, transmitting, uploading, linking to, sending or storing any malicious software
- Testing in a manner that would degrade the operation of the services
- Testing third-party applications, websites or services that integrate with or link to the services
- Testing in a manner that would result in an attack on physical security
- Social engineering
- Transmitting spam
4. Guidelines for reporting
Security researchers are required to share the details of any suspected vulnerabilities with Irdeto by submitting them via the disclosure form below.
Please do not publicly disclose these details without express written consent from Irdeto.
5. Privacy
When you send us a report, you also consent to us storing and processing your name and contact details.
If you want to know more about your privacy rights, check Irdeto’s Privacy Policy: https://irdeto.com/privacy.
6. Our Commitment
If you identify a verified security vulnerability in compliance with this Responsible Disclosure Policy, Irdeto commits to:
a) Promptly acknowledge receipt of your disclosure.
b) Provide feedback as to what the course of action will be in response to the disclosure.