CVD

1. Introduction

SUMEC Machinery & Electric Co.,Ltd. is committed to ensuring the security of our products and services. We recognize the importance of coordinated vulnerability disclosure (CVD) in mitigating risks and improving cybersecurity. This policy outlines our approach to handling security vulnerability reports in alignment with international best practices.

2. Objectives and Responsibilities

  • Our objective is to work collaboratively with security researchers, customers, and other stakeholders to identify and address security vulnerabilities.

  • We commit to investigating and mitigating reported vulnerabilities promptly while maintaining clear communication with the reporter.

  • We expect responsible disclosure from reporters, allowing us sufficient time to develop and deploy patches before public disclosure.

3. Reporting a Vulnerability

We encourage security researchers, customers, and third parties to report vulnerabilities through the following official communication channels:

  • Email: [email protected]

  • Web Form (HTTPS encrypted): https://navigatorlatam.com/pages/contact-us

4. Secure Communication Options

For secure submissions, we support encrypted communications:

  • Secure Web Form: Our vulnerability submission portal uses HTTPS to protect submitted data.

5. Information to Include in a Vulnerability Report

To assist our security team in evaluating and addressing vulnerabilities effectively, please provide the following details:

  • A detailed description of the vulnerability.

  • Steps to reproduce the issue, including proof-of-concept code if applicable.

  • Affected product, service, and version details.

  • The potential security impact of the vulnerability.

  • Contact information for follow-up communication.

6. Response and Disclosure Process

Upon receiving a report, we will:

  1. Acknowledge receipt of the vulnerability report within 5 business days.

  2. Assess and verify the reported vulnerability.

  3. Provide periodic updates on the status of the investigation and remediation progress.

  4. Coordinate with the reporter regarding disclosure timelines.

  5. Issue a security advisory and release necessary patches as appropriate.

  6. Publicly acknowledge the reporter’s contribution (if permitted).

7. Scope and Limitations

  • This policy applies to vulnerabilities in SUMEC Machinery & Electric Co.,Ltd.’s products, services, and infrastructure.

  • The policy does not apply to vulnerabilities in third-party applications, social engineering attacks, or physical security concerns.

  • Reports related to phishing, spam, or fraudulent activity should be submitted to [email protected].

  • Any testing must not compromise customer data, disrupt services, or violate applicable laws.

8. Public Disclosure and Recognition

  • We encourage responsible disclosure and will coordinate with reporters on the timing of public disclosures.

  • If desired, we will credit security researchers in our advisories and hall of fame.

9. Contact and Further Information

For any questions regarding this policy or to submit a vulnerability report, please contact:

  • Security Team: [email protected]

  • CVD Policy URL: https://en.navigatorlatam.com/pages/cvd