Munisense attaches great importance to the security of its systems and the privacy of its users. Despite our efforts to create a secure environment, vulnerabilities may still exist. If you discover a security issue, please report it to us responsibly so we can take appropriate measures and ensure the security of our systems.
Scope
This policy applies to all public Munisense systems and services, including but not limited to our websites, applications, and APIs.
Reporting Guidelines
If you discover a vulnerability, please observe the following guidelines:
- Report the vulnerability as soon as possible: Send your findings to us using the method specified in this document.
- Do not share the vulnerability with others until we have been able to resolve it within a reasonable time.
- Provide a detailed description: Describe the vulnerability clearly and completely, including the steps to reproduce it, so we can quickly verify and resolve it.
- Respect privacy and data protection: Do not view, modify, or delete any data.
- Limit your actions to what is necessary: Do not exploit the vulnerability further than necessary to demonstrate the problem.
- Do not use destructive methods: Do not perform actions that could compromise the availability or integrity of our systems, such as denial-of-service attacks.
- Do not attack physical security, use social engineering, send spam or phish, or use automated vulnerability scanning applications.
What you can expect from us
When you report a vulnerability according to these guidelines, you can expect the following:
- Fast confirmation of receipt: We will confirm receipt of your report within three business days.
- Transparency throughout the process: We will keep you informed about the progress and status of your report.
- No legal action: We will not take legal action against you if you act in accordance with this policy and report the vulnerability responsibly. However, this does not apply in cases where you act in bad faith, such as extortion, willful data corruption, or reducing the availability of our systems.
- Confidentiality of your report: Your personal data will not be shared with third parties without your consent, unless legally required.
No Reward Policy
Munisense does not have a policy for rewarding vulnerabilities. This decision was made because reward programs are often abused, and significant time is spent reviewing reports that fall outside the scope or have no impact on security. We encourage responsible vulnerability reporting but do not offer financial or material rewards.
No Invitation to Investigate
Our reporting policy is not an invitation to actively scan our network for vulnerabilities. We monitor our network ourselves. Therefore, there is a high chance that a scan will be detected, our team will investigate, and unnecessary resources may be wasted investigating.
Exclusions
This policy does not apply to:
- Vulnerabilities in third-party systems or services that are integrated with ours but not under our direct control.
- Vulnerabilities that are already publicly known or have already been identified by us.
Contact
The most recent contact information is included in a security.txt file on our website:
https://munisense.net/.well-known/security.txt
You may sign or encrypt your report with the PGP key using ID 5BB32F169E8A86ECD975EFC941C0170A0B6F7531 (RSA4096):
https://munisense.net/.well-known/security-pgp-key.txt
And send it to: joffrey at munisense.com
Please state the vulnerability as clearly as possible and how we can validate it.
You can submit a report anonymously or with your contact information. We will only use this information to contact you with questions or feedback about your report, unless we are legally obligated to do so (for example, due to a police investigation or a court order).
Final Remarks
We strive to continuously improve our systems and appreciate the security community's help in identifying potential vulnerabilities. By working together, we can create a more secure digital environment for everyone.
Thank you for contributing to the security of Munisense.
