IOPSYS takes security issues seriously and welcomes any feedback from the community in order to improve the security of our SDK
Some general recommendations when sending a vulnerability report;
Title of the vulnerability
When creating a title for the vulnerability, be explicit about what the vulnerability is. Write a short and precise subject line to the email such as “A memory corruption vulnerability exists in dnsmasq service when processing specially crafted packets”.
A great way to describe a vulnerability in a short, clear way is to include references/links to trusted sources that can help others understand, identify, and fix the bug. This could be an OWASP link, CVE references, or links to other public advisories and standards.
Also include if you can;
• What SDK version it is based on
• Link to where we can find the software for the test
• What hardware is on
• What board family is it based on
• Relevant logs and traces
• Share which tool or tools you used when finding the vulnerability
We will respond to you as soon as possible. If the suspected security issue is confirmed, we will then come back to you with an estimate of how long the issue will take to fix. Once the fix is available you will be notified.
Please stay legal and don’t be evil.