Delta Dore and vulnerability disclosure policy

Vulnerability disclosure policy

Delta Dore is dedicated to ensuring the security of its products and services. We work diligently to resolve security vulnerabilities when we discover them. Despite our best efforts, vulnerabilities may still be present.
This document describes our policy for receiving reports related to potential security vulnerabilities in our products and services.
Read this vulnerability disclosure policy before contacting us, and act in compliance with it.

Reporting
If you believe you have found a security vulnerability in one of our products or services, please contact our team by sending an email to vulnerabilities@deltadore.com.
Do not include personal data in your message, only what is necessary to contact you or analyse the vulnerability.

To facilitate our management of your reporting, please include the following information:

  • Date of discovery
  • Product name, model number and version, as found on the casing of the device or on the app, if applicable,
  • MAC address and date code of the device, if applicable,
  • Software version, if applicable,
  • URL and browser information, if applicable,
  • Description of the vulnerability: severity, impacted systems, identified threats,
  • Steps to reproduce the vulnerability. This is to help us understand the reported vulnerability, and allow us to confirm and analyse the vulnerability

You can add screenshots, pictures, or videos, if applicable or necessary, but within reasonable file size (3MB).

You must not:

  • Violate any applicable law or regulation.
  • Access unnecessary, excessive or voluminous amounts of data.
  • Alter data on our systems or services.
  • Use high-intensity invasive or destructive scanning tools to find vulnerabilities.
  • Attempt or report any form of denial-of-service attack, or similar attacks.
  • Disrupt our services or systems.

 

What is vulnerabilities@deltadore.com not intended for?
The vulnerabilities@deltadore.com email address is intended only to report security vulnerabilities on our products or services. It is not intended for general questions, technical support information, or questions about your personal data. For these topics, please find these points of contact:  https://www.deltadore.co.uk/contact or https://www.deltadore.co.uk/personal-data
All content unrelated to security vulnerabilities will not be processed from the vulnerabilities@deltadore.com address.

 

Next steps
Delta Dore will attempt to respond to all reports within twenty working days. We will get in touch with you to follow up, on the email address you used to contact us.
We will prioritise vulnerabilities based on their severity, impact and complexity. The reports might take some time to address. If we can confirm and resolve the reported vulnerability, we will notify you when we do so.