Guidelines for reporting a security vulnerability
If you believe you have discovered a vulnerability in an Akouto product, system or web-facing property, please submit a vulnerability report via email to info [at] akouto.com. Please note, Akouto does not operate a public bug bounty program and we make no offer of reward or compensation in exchange for submitting potential issues.
-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBF1ddsYBCADccwUlO9A+Fu7VAQENNSgKdqYYJCdOsYybdZkg4XgEwwiZPMiv WTFNlnVK5K3/LvA96YEK/i2BpHmIzho80DYA/zUy4B4omcdE1q/DXzwJlDZfKDSs uJQ8TW2TG0TyJg4rkr1Voqr6bkorJfS4VBYB/MBVH4Cc3TFOTlbnkrLbKhlLFQuv FB7YY8loOjWXmnyLjau33BpZsJILxoPu6S/4qR131cVE3p99xbuxtbxkYmPzvPvS +Mb7wszk1pAaawozWZgv4ePy22006b95dj7R2ejyG5cBn1RQs14iWnbS1L8U7U1k JmhZKx95uMEfPWYpmZYTSKY0XlUUIPGavBc5ABEBAAG0MUFrb3V0byBDb25zdWx0 aW5nIFNlcnZpY2VzIEluYy4gPGluZm9AYWtvdXRvLmNvbT6JAU4EEwEKADgWIQT8 3epdYm3cwiCCjJSyqrIH81+CHgUCXV12xgIbAwULCQgHAgYVCgkICwIEFgIDAQIe AQIXgAAKCRCyqrIH81+CHgPfB/9p2Hh42vg1KhnWlxmIyQxD12wLpKu9bxVa5gx+ k47xiZ0gpgbaLx9BDGKOZrJeUibr7mwsiknM9N18+TKpUZOJ9ZtYEX0d8DplbGJZ RqZIH7B2ylMQMt5Ey3Co3bd2/1BB/S8T4SocsY10iqIRIJ2l95768UwB/mymMJny FyonoWihALO1MA3T/8AyJOXLXW3usV+ntkTS3pzhrtL/CRskEuetX+PqGtE21Pyu HqfAcuUnOiOuz+elB1Sx2Xe205zilTzlx8Zr6pkWjO6Lwm0IM54svSYTmdAwqW7o HDTWJBun1NRgMbpyBNzzzx1sQ+8tWL9bpjIxCUOQunB3n5qPuQENBF1ddsYBCAC/ +H6EOKTa039F6k6yPydTalrm1h0Ct6Dj4jkXyKf5Cmvarw0g01ciX842zVNNk8Q4 9rxCo9R1ZZffiHyy4EQz8RG9bUZ9KWtSGF/p4jLP75Rf79MuRSY6q+tEJ7EBkdSg Bl5RfiIGdi/kNaZSAqQixJqrL05JOyZwGpcO0fG2TmIPjiOqEexf5EbYuNTCQZpJ uZQnSMzhyzW/iVrQRwkmqIhN2hNwlylN4i7mBoHAodlHatD8h7f9AzYwP8ELmCb7 qUOuDdw441AmseW6H4SmezWG+jULan2JhW1Uny4nEeS2G4jrSelrojf7wvLMWKR3 fIqsVELbrOtSAxKKF0ujABEBAAGJATYEGAEKACAWIQT83epdYm3cwiCCjJSyqrIH 81+CHgUCXV12xgIbDAAKCRCyqrIH81+CHnfuB/0aspqhCdf1WAyuhi8qv7GRkioi KySLnDlj8OrveWzu1oboIB0sFKM/+CkZMMns0I8X0Mdzo/YwAXX440/a0EbvbImt Q9qncpqlnEQS4+soWUEbaslXohhYeLbBf+WAtyTYrfVypHK0dqO0NvK/d9XzLs6l fQsn6AIAuTKgf/RW50y/zVqQ5zTHcRqLfX+XIVH7aNbIfsq4wpMvXY/ehnEidVwX o3YoVVtxjQnpKKzj8L5v2SAOf3tlK2xdemaixI62lSl4XBuM9pig/Z0erC++z44G 5MM5bRBDyOlCAyIdsYWf2xj7Omv22jnqXExye7TZEOwupHHkVOo1uoP+LxDS =oZIU -----END PGP PUBLIC KEY BLOCK-----
Please do not publicly disclose these details without contacting Akouto first, and without expressed prior written agreement from Akouto.
Akouto Disclosure Policy
Security is the primary goal at Akouto, and we are committed to keeping our customers safe . One of the ways we work to achieve this goal is by using a Secure Development Lifecycle process to integrate security into our products from design, through development and release.
Sometimes, even our best efforts escape detection, or new exploits are released after the product is already on the market. While we work to minimize these occurrences, we are also prepared to respond quickly to resolve them.
At Akouto we are committed to investigate all received vulnerability reports and implement the quickest and best course of action in order to protect our customers. We invite all security researchers that discover a security vulnerability in our products, to share this information with us in a responsible manner. If a verified vulnerability in compliance with Akouto’s Responsible Disclosure Policy is identified, Akouto commits to:
- Respond promptly within 48 business hours to acknowledge receipt of any vulnerability reports, working closely with security researchers to understand the nature of the issue and work on timelines for fix/disclosure together.
- Provide prompt notification when the vulnerability is resolved, so that it can be re-tested and confirmed as remediated.
Akouto supports responsible disclosure, and we take responsibility for disclosing product vulnerabilities to our customers. In our ongoing efforts to encourage responsible disclosure, we ask that all researchers comply with the following Responsible Disclosure Guidelines:
- Provide Akouto with an opportunity to correct vulnerability within a reasonable time frame before publicly disclosing the identified issue, in order to ensure that Akouto has developed and thoroughly tested a patch and made it available to licensed customers at the time of disclosure.
- Make a good faith effort to avoid privacy violations as well as destruction, interruption or segregation of our services.
- Not modify or destroy data that does not belong to you.
Guidelines for responsible disclosure suggest that customers have an obligation to patch their systems as quickly as possible. It is routine to expect patching to be completed within 30 days after release of a security patch or update.
Akouto advises its customers that those who exploit security systems often do so by reverse engineering published security updates, and therefore encourages its customers to patch systems in a timely manner.
The responsibility for adhering to this policy and reviewing the effectiveness of actions taken to respond to concerns raised under this policy is overseen by Akouto’s senior management team. Various officers of Akouto have routine operational responsibility for this policy, and must ensure that all managers and other staff who may deal with concerns or investigations under this policy receive regular and appropriate training.
Akouto is grateful for your responsible disclosure should a vulnerability be discovered, however we do not authorize any activities to scan for or exploit vulnerabilities on any production systems or applications.