Thales eSecurity takes the security of its products very seriously and we value the work that security researchers and professionals put into improving the security of our products. We are committed to working with the community through coordinated and reasonable disclosure guidelines, as described below.
If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. Thales eSecurity would like to ask you to help us in this endeavor by doing the following:
- Please email your findings to firstname.lastname@example.org. Encrypt your report using the PGP key attached to this article, to prevent critical information from being accidentally disclosed. Do provide as much of the following information as possible:
- Product Name, version, and operating environment;
- Type and impact of the issue;
- The configuration/state required to reproduce the issue;
- A compressed archive file containing proof of concept code, scripts, or other data which facilitates the reproduction of the issue;
- Name and additional contact details (optional).
- Do not take advantage of the vulnerability or problem you have discovered, for example, by downloading more data than necessary to demonstrate the vulnerability, or deleting/modifying other people's data.
- Do not reveal the problem to others until it has been resolved.
- Do not use attacks on physical security, social engineering, distributed denial of service, spam, or applications of third parties.
We will handle all reports with strict confidentiality, and will not pass on your personal data to third parties without your permission.
We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.