CROSSCALL VULNERABILITY DISCLOSURE POLICY

Customer safety is one of CROSSCALL's top priorities. It motivates us at every stage in the design of our products. Even after our products have gone to market, we do our utmost to respond quickly to potential security flaws and vulnerabilities.

CROSSCALL adheres to the principles of responsible vulnerability disclosure and encourages you to report in good faith security vulnerabilities you have detected via the reporting form.

To assist you in this process, CROSSCALL has drawn up this vulnerability disclosure policy. CROSSCALL informs you about the vulnerability handling process, from receipt by CROSSCALL to publication by CROSSCALL of verified and corrected vulnerabilities.

Commitments CROSSCALL

Responsible disclosure of security vulnerabilities helps to ensure customer security.
CROSSCALL treats every form it receives with the utmost care, and is committed to remedying potential security vulnerabilities as quickly as possible.

  • We process each form carefully and inform you within 7 calendar days when it has been processed;
  • Work with the declarant to understand vulnerability ;
  • Implement the necessary actions to rapidly resolve the potential vulnerability
    ;
  • Distribute patches to consumers as quickly as possible, depending on the vulnerability being addressed. This information will be passed on to you in the course of our discussions.
  • Publish treated vulnerabilities

declarant commitments

  • Comply with all applicable laws in the context of your IT security research activities;
  • Use the form to report potential vulnerabilities as completely as possible, and provide sufficient information so that CROSSCALL can reproduce the vulnerability and resolve it quickly;
  • As soon as a vulnerability is discovered, please respect the confidentiality of this security flaw while the patch is being distributed on our equipment, in particular to avoid any violation of personal data, degradation of the user experience, disruption of servers or destruction of any data.
  • Do not disclose your vulnerability during the 90-day treatment period at CROSSCALL .
  • Refrain from using the declared vulnerability for offensive, commercial or professional purposes.

It is reminded that the discovery of a vulnerability can in no way imply any intellectual property right or claim on Crosscall's software or products.

If you would like to contact CROSSCALL with questions about your products, technical support information or an after-sales problem, please use the appropriate form.