Responsible disclosure policy
Last updated: January 4, 2024
At Simbase, we are committed to maintaining the security of our systems and our customers' data. We provide global IoT connectivity services and understand the critical importance of safeguarding our in-house developed platform, which our customers rely on to manage their devices.
Our Commitment
We continuously monitor and improve our security measures to ensure the integrity and reliability of our services. If you believe you’ve found a security vulnerability within our platform, we encourage you to inform us discreetly, and we promise to investigate all legitimate reports promptly and thoroughly.
How to Report a Security Vulnerability
If you have discovered a potential security issue, please share it with us by following these steps:
1. Send your findings to security@simbase.com.
2. Include sufficient information to reproduce the problem, so we will be able to resolve it as swiftly as possible. Complex vulnerabilities may require further explanation than less complex ones.
3. Disclose the vulnerability to us confidentially, and do not share it with others until we have had a chance to address it.
Our Promise
- We will acknowledge receipt of your vulnerability report within 32 hours.
- We will communicate with you to understand the scope of the vulnerability and will work with you to validate and resolve the issue.
- We will handle your report with strict confidentiality, and we will not share your personal details with third parties without your permission.
- We will keep you informed of our progress during the investigation and resolution stages.
- We aim to resolve any verified vulnerabilities within a reasonable time frame and will release an update as soon as possible.
Out of Scope
Please note that the following issues are considered out of scope for our responsible disclosure policy:
- Findings from automated tools or scans.
- Third-party applications, services, or devices that interact with our platform.
- Denial of Service (DoS or DDoS) vulnerabilities.
Legal
We kindly ask that you refrain from any activity that could harm Simbase or our customers, including but not limited to privacy violations, data destruction, and interruption or degradation of our services. If your security research adheres to this policy, we consider it to be authorized in the context of applicable legal statutes and will not initiate legal action against you.
Simbase is dedicated to working with the security community to find and fix security issues within our services. Together, we can keep our shared digital ecosystem safe and secure.