CROSSCALL VULNERABILITY DISCLOSURE POLICY

Our customers' security is a top priority here at CROSSCALL. It's the driving motivation behind every step of the design process for our products. Even beyond their release onto the market, we implement all measures within our means to make sure that we're reactive and swiftly respond to any potential security issues or vulnerabilities in our products.

CROSSCALL upholds the principles of the responsible disclosure of vulnerabilities and encourages customers to report, in good faith, any security vulnerabilities that they've detected through the reporting form.

CREATE REPORT

To help you with this process, CROSSCALL has established this Vulnerability Disclosure Policy. CROSSCALL keeps you informed of the vulnerability processing procedure, from CROSSCALL's receipt of the vulnerability report up to CROSSCALL publishing any verified and corrected vulnerabilities.

CROSSCALL's commitments

The responsible disclosure of security issues helps to guarantee customers' security. CROSSCALL therefore attentively processes each and every report received, and undertakes to resolve any potential security issues as promptly as possible.

  • Attentively process each report and keep you informed of its effective processing within 7 calendar days;
  • Work with the reporter in order to get a comprehensive understanding of the vulnerability;
  • Implement the necessary actions to swiftly resolve the potential vulnerability;
  • Distribute corrections to consumers as soon as possible, with the time frame determined according to the vulnerability in question. This information will be sent to you as part of our communication.
  • Publish any vulnerabilities processed.

The reporter's commitments

  • Respect all laws applicable to your research activities in relation to IT security;
  • Use the form to report any potential vulnerabilities, providing as much detail as possible and giving sufficient information to enable CROSSCALL to reproduce the vulnerability and promptly resolve it;
  • Once a vulnerability has been discovered, please keep this security issue confidential whilst it is processed and a correction is distributed across our equipment, namely in order to avoid any personal data breaches, user experience downgrading, server disruption, or the destruction of any data.
  • Refrain from disclosing the vulnerability whilst it is being processed by CROSSCALL (a 90-day period)
  • Refrain from using the reported vulnerability for offensive, commercial or professional purposes.

It is recalled that in no case may the discovery of a vulnerability engage any intellectual property rights or entail the filing of any claims against Crosscall's products or software.
If you want to contact CROSSCALL regarding any questions you may have about your products or if you'd like further information on technical support or an After-Sales Service issue, please use the appropriate form.