Vulnerability Disclosure Policy
Introduction
At SWARM we take the security of our systems and data seriously. We recognise the importance of working with security researchers and members of the wider community to identify and address potential vulnerabilities in our systems. This Vulnerability Disclosure Policy outlines how individuals can report security vulnerabilities they discover in our systems or services, and how we will handle such reports.
Scope
This policy applies to all systems, applications, websites, and services owned or operated by SWARM.
Purpose
This policy establishes guidelines for identifying, assessing, and mitigating vulnerabilities in SWARM’s information systems. The objective is to maintain a secure environment, protect sensitive data, and respond effectively to potential threats.
Vulnerability Identification
Regular vulnerability assessments and scans will be conducted on all information systems. The Common Vulnerability Scoring System (CVSS) will be used to assess the severity of identified vulnerabilities.
Responsible Disclosure
We encourage responsible disclosure of security vulnerabilities. If you discover a vulnerability in any of our systems, we ask that you:
- Submit a Report: Submit a detailed report of the vulnerability to our security team via email at security@swarm.eco. Please include a description of the vulnerability, steps to reproduce it, and any additional information that may help us understand and address the issue.
- Provide Reasonable Time: Allow us reasonable time to assess and address the reported vulnerability before making any information about it public or sharing it with others.
- Cooperate: Work with our security team in good faith to resolve the issue, including providing additional information if requested.
Guidelines for Reporting
When submitting a vulnerability report, please adhere to the following guidelines:
- Provide detailed information about the vulnerability, including a description of the issue, its potential impact, and steps to reproduce it.
- Include your contact information so that we can communicate with you regarding the reported vulnerability.
- Do not engage in any activities that could potentially harm our systems or data while researching or testing for vulnerabilities.
- Do not disclose the vulnerability to others until we have had an opportunity to address it.
What We Will Do
Upon receiving a vulnerability report, we will:
- Acknowledge Receipt: Acknowledge receipt of your report within 3 business days.
- Investigate: Conduct a thorough investigation of the reported vulnerability to verify its validity and assess its impact.
- Develop a Fix: Develop and implement a fix for the vulnerability.
- Notify You: Once the vulnerability has been addressed, we will notify you and, if appropriate, publicly acknowledge your contribution to our security efforts.
- Coordinate Disclosure: Work with you to determine an appropriate timeline for disclosing the vulnerability to the public, taking into account any potential risks or sensitivities.
Support Period
At SWARM, we offer a 3-year support period, meaning that our Hub:One devices will be supported until March 2027. This includes software and hardware support.
What does this mean for you?
- Extended Peace of Mind: With the 3-year support period, you can rest assured that your Swarm Hub:One device will be backed by dedicated technical assistance and timely updates for an extended duration.
- Continuous Innovation: Our commitment to innovation doesn’t stop at product launch. Throughout the Swarm Hub:One 3-year support period, you’ll have access to new features, enhancements, and optimisations, ensuring your device remains at the forefront of technological advancement.
- Enhanced Connectivity: Stay connected seamlessly with our support team, who are here to address any queries or concerns you may have. Whether it’s troubleshooting, setup assistance, or simply seeking advice, we’ve got you covered.
- Future-Proof Investment: Investing in Swarm Hub:One isn’t just a purchase – it’s an investment in the future of renewable technology. With our commitment to ongoing support, your investment will continue to deliver value and innovation well into the future.
Should you experience any issues with your device, please contact us at help@swarm.eco.
Scope Limitations
Please note that this policy only applies to security vulnerabilities in systems owned or operated by SWARM. It does not cover third-party systems or services, even if they are integrated with or used by our systems.
Acknowledgement
We would like to thank the security researchers and members of the community who help us improve the security of our systems through responsible disclosure of vulnerabilities.
Compliance and Review
This policy will be reviewed annually and updated as necessary to align with emerging threats, technologies, and best practices. Non-compliance with this policy may result in disciplinary action.