The InPlay Inc Product Security Task Force (PSTF) is dedicated to promptly identifying and addressing security vulnerabilities in our products. We take an active approach in managing these vulnerabilities by swiftly acknowledging, documenting, and providing clear mitigation strategies to our customers.

Areas of Security Oversight

Handling Procedure

Vulnerability Reporting

Ethical Disclosure

Security Oversight by PSTF

PSTF handles a variety of security incidents:

Security vulnerabilities in both hardware and software of InPlay products.

Deficiencies in InPlay security guidance or advice in official documents (for example, datasheets and application notes).

Instances of confidential InPlay documents or sensitive information found in unauthorized locations.

InPlay products containing sensitive information found in inappropriate places.

However, some incidents are outside PSTF's jurisdiction:

Security flaws in InPlay's IT systems, like the official website. While not handled by PSTF, you can still report them. They'll be redirected to the correct team within InPlay.

Requests for general support or unrelated incidents. Please direct these to the general support page at Support | InPlay Inc. PSTF does not process emails concerning product support or unrelated topics.

Handling Procedure for Vulnerabilities

We adopt a structured approach to manage security vulnerabilities in InPlay products. Response times may vary depending on the issue's complexity. The procedure involves four key steps:

Reporting: The person reporting the vulnerability receives acknowledgement and regular updates.

Assessment: InPlay verifies the potential vulnerability, measures the risk, gauges the impact, and prioritizes accordingly.

Resolution: InPlay devises practical strategies and solutions to address the reported security vulnerability, whenever possible.

Communication: InPlay typically contacts the affected customers directly to inform them of the situation.

How to Report a Potential Security Vulnerability

If you suspect a potential security vulnerability in an InPlay product, contact PSTF immediately. We aim to acknowledge vulnerability reports within 24 hours. However, this might extend to 72 hours during weekends or holidays. If you haven't received a response within this period, please resend your message. Include the following information in your report:

Affected products and their versions

Comprehensive description of the vulnerability

Details about known exploits

Given the sensitive nature of such information, we strongly advise placing all security vulnerability reports to PSTF in a password-protected ZIP file.

Password-protected ZIP files can be created using various software options. Make sure to use a strong password, and please transmit the password via a separate, secure channel. PSTF will not respond to general support requests. Please consult our support page for product assistance.

Ethical Disclosure

InPlay works with the reporter to agree upon an ethical disclosure strategy. Upgrading or patching InPlay products differs from standard PC updates since our products, often chips with embedded software, are frequently deployed in systems that may not be easily or directly updated.

A responsible disclosure may therefore require more time or restrictions on the disclosed information (for instance, anonymous disclosure: reveal attack methods without identifying affected products). This approach allows our customers time to adapt and protect their systems before the disclosure can potentially damage them.