Product security
If you believe that you’ve discovered a security or privacy vulnerability that affects navel robotics devices, software, or services, please report it directly to us at security@navelrobotics.com. Reports should include the specific product and software version(s) that you believe are affected; a technical description of the behavior that you observed and the behavior that you expected; the steps required to reproduce the issue; and a proof of concept or exploit.
We welcome the contributions of security researchers and strive to provide the best vulnerability disclosure experience possible.
The navel robotics security team will use reasonable efforts to respond in a timely manner, acknowledge receipt of the vulnerability report, provide an estimated time frame for addressing the vulnerability report, and notify the reporter when the vulnerability has been fixed.
Responses
Acknowledgement of receipt: Formal acknowledgement of the information received within two weeks.
Ongoing communication: Detailed documentation of the vulnerability and its reproduction, of the involvement of potentially affected 3rd parties, and of the preparation and planning for remediation within one month.
Eligible Vulnerabilities
We encourage disclosure of any security vulnerabilities that have the potential to impact the security or privacy of our customers. When submitting a vulnerability report, please provide concise steps to reproduce that are easily understood.
Disclosure
For the protection of our customers, navel robotics doesn’t disclose or discuss security issues until our investigation is complete, and any necessary updates are generally available.
Rewards
This program does not provide monetary rewards for bug submissions.
Protected Disclosure
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you.
Terms and Conditions
- Do not attempt to gain access to another user’s account or confidential information.
- Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
- Social engineering (e.g. phishing, vishing, smishing) is prohibited.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
- Please do not test for spam, social engineering, or denial of service issues.
- Please do not engage in any activity that can potentially cause, or does cause, harm to navel robotics, our customers, or our employees.
- Do not engage in any activity that violates (a) federal or state laws or regulations or (b) the laws or regulations of any country where (i) data, assets, or systems reside, (ii) data traffic is routed, or (iii) the researcher is conducting research activity.
- Do not store, share, compromise, or destroy navel robotics or customer data. If Personally Identifiable Information (PII) is encountered, you should immediately halt your activity, purge related data from your system, and immediately contact navel robotics.