REPLIL Vulnerability Handling & Coordinated Disclosure Policy (“Policy”) addresses cybersecurity vulnerabilities affecting REPLIL products, software, and systems to support the security and safety of our customers. We work collaboratively with researchers, Cyber Emergency Response Teams (CERTs), and asset owners to ensure that accurate information is provided in a timely fashion to adequately protect customer installations. This policy targets compliance with ISO/IEC 29147 and ISO/IEC 30111.
REPLIL Technologies values the work of security researchers and seeks to work collaboratively and responsibly with them to improve the security of its products, software, and systems. Researchers participating in research programs agree to follow responsible research and disclosure principles, and the program rules described below. In performing research on REPLIL Technologies products, software, and systems and participating in this program, researchers agree:
- Not to cause any harm to product owners or operators, REPLIL Technologies, or other third parties, including by compromising installed products, software, and systems or the privacy of REPLIL Technologies customers, employees, or third parties;
- To comply with applicable governing law; and
- That any disclosure of a reported vulnerability shall be conducted according to the terms of this program.
REPLIL Technologies agrees not to pursue legal action relating to a vulnerability report and the associated security research against a researcher that complies with the program rules.