InPlay Vulnerability Disclosure Policy (VDP)

About InPlay Vulnerability Disclosure Policy (VDP) policy

At InPlay’s Product Security Incident Response Team, we take the security of our products seriously. Below Vulnerability Disclosure Policy (VDP) outlines the process of accepting and responding to potential security vulnerabilities involving InPlay semiconductor and firmware products.

We encourage individuals, security researchers, and other stakeholders who discover potential vulnerabilities in helping us maintain the security and integrity of our products.

Reporting Vulnerability

If you have identified a security vulnerability in our semiconductor products, we request that you follow these guidelines when reporting it:

a. Provide a detailed description of the vulnerability, including steps to reproduce it, potential impact, and any supporting materials (such as proof-of-concept code or screenshots).

b. Submit your vulnerability report via email to our dedicated security contact at contact@inplay-tech.com or IPSIRT@inplay-tech.com. Please avoid sharing vulnerability details or proof-of-concept code publicly before we have had an opportunity to review and address the issue.

c. Allow us a reasonable amount of time to investigate and address the reported vulnerability before disclosing it publicly or to third parties. We commit to acknowledging your report within 7 business days and to providing regular updates on the progress of remediation efforts.

Our Commitment

Upon receiving a vulnerability report, we will:

a. Promptly acknowledge receipt of the report and assign it a tracking number for reference.

b. Work diligently to validate the reported vulnerability and assess its severity and potential impact on our products and customers.

c. Maintain clear and timely communication with the reporter throughout the remediation process, including providing updates on our progress and any necessary coordination for testing or verification.

d. Take appropriate steps to address the reported vulnerability, which may include developing and deploying patches, firmware updates, or other mitigation measures.

Purpose of InPlay Product Security Incident Response Team is to foster a cooperative and transparent environment with the security community and demonstrate our commitment to addressing vulnerabilities promptly and responsibly.