Vulnerability Disclosure Policy

 

MY01 Inc. promotes proactive, as well as responsive, security maintenance of its products. MY01 Inc. recognizes the value external security reports can bring to the security of its products. We encourage reporters to inform us promptly of security vulnerabilities. The MY01 Inc. team will investigate the vulnerability report and react accordingly to the investigation findings. This policy outlines the vulnerability disclosure process for reporting security incidents to the security response team of MY01 Inc.

Individuals or organizations that are aware of a security issue are strongly encouraged to report the security incident to the following email security@my01.io. Please include the following fields in your email:

  • Individual Full Name/ Organization name: First and last name of reporter in case of an individual. The organization name for reports from vendors of components, regulatory bodies, and other forms of organizations including the contact person.
  • Vulnerability description: Provide a short description of the vulnerability and possible threats from exploitation.
  • Product identifier: product name, serial number, lot and version information of affected product(s) must be stated.
  • Indication if any incidents have been reported: Indicate incidents leading to harm, if any, have occurred during the exploitation of the vulnerability.
  • CVSS score v3.1 (optional): if possible, use the CVSS tool 3.1 to rate the exploitability of vulnerability.
  • Contact information: please provide alternative contact information such as a cellphone number or an alternate email.

Receipt of the reports will be acknowledged within 7 working days. Ongoing status on reported issues will be determined as needed.

Please allow for sixty days from the day the receipt of a legitimate vulnerability is acknowledged for the MY01 Inc. team to respond, and produce a patch or a workaround to its customers.