Vulnerability Disclosure Policy

Reporting a Vulnerability

If you discover a security vulnerability, please report it by following these steps:

• Contact: Send an email to [email protected] with the subject line: “Security Vulnerability Report.”
• Information: Include sufficient details to help us understand the issue, such as:
  • A detailed description of the steps.
  • Detailed description of the steps to reproduce the issue including screenshots if possible.
  • The potential impact.
  • Any supporting documentation or proof-of-concept code.
• Confidentiality: Do not disclose any information regarding the vulnerability publicly, until we have resolved it and and given you written permission to do so.

Our Commitment

Upon receiving a vulnerability report, Vizrt commits to:

• Acknowledging receipt of the report within 7 business days.
• Providing updates on the progress.
• Addressing the vulnerability prioritising based on the expected impact.

Safe Harbor

We will not pursue legal action against individuals who:

• Engage in good faith security research.
• Report vulnerabilities through the designated channel.
• Avoid privacy violations, data destruction, or service disruption.

Out of Scope

The following activities are considered out of scope and should not be performed:

• Physical attacks on data centers or infrastructure.
• Social engineering or phishing against employees or customers.
• Denial-of-service attacks.

Recognition and Credit

We appreciate the efforts of security researchers and may offer public recognition for responsible disclosures with the reporter’s consent.

Contact Information

For any questions regarding this policy, please contact our security team at [email protected].

Policy Updates

This policy may be updated from time to time. Please review it periodically for any changes.