IOPSYS Security Vulnerability Contact Information

IOPSYS takes security issues seriously and welcomes any feedback from the community in order to improve the security of our SDK

To contact us privately and report any suspected security issues, please send an email to , giving as much detail as you can.

Some general recommendations when sending a vulnerability report;

Title of the vulnerability

When creating a title for the vulnerability, be explicit about what the vulnerability is. Write a short and precise subject line to the email such as “A memory corruption vulnerability exists in dnsmasq service when processing specially crafted packets”.

A great way to describe a vulnerability in a short, clear way is to include references/links to trusted sources that can help others understand, identify, and fix the bug. This could be an OWASP link, CVE references, or links to other public advisories and standards.

Also include if you can;

• What SDK version it is based on
• Link to where we can find the software for the test
• What hardware is on
• What board family is it based on
• Relevant logs and traces
• Share which tool or tools you used when finding the vulnerability

We will respond to you as soon as possible. If the suspected security issue is confirmed, we will then come back to you with an estimate of how long the issue will take to fix. Once the fix is available you will be notified.

 

Please stay legal and don’t be evil.

Thank You,
IOPSYS Security Team