Vulnerability Disclosure Policy

At Vizrt we take the security of our products and services seriously. We are committed to maintaining the privacy, integrity, and availability of our systems and data. This Vulnerability Disclosure Policy outlines how to report security vulnerabilities responsibly.

Scope

This policy applies to all products and services provided by Vizrt. It covers the process for reporting potential security vulnerabilities and our commitment to addressing them in a timely manner.

Reporting a Vulnerability

If you discover a security vulnerability, please report it by following these steps:

1. Contact: Send an email to [email protected]  with the subject line: "Security Vulnerability Report."
   
2. Information: Include sufficient details to help us understand the issue, such as: 
   1. A detailed description of the vulnerability.
   2. Detailed description of the steps to reproduce the issue including screenshots if possible.
   3. Potential impact.
   4. Any supporting documentation or proof-of-concept code.
        
3. Confidentiality: Do not disclose any information regarding the vulnerability publicly, until we have resolved it and given you written permission.

Our Commitment

Upon receiving a vulnerability report, Vizrt commits to:

• Acknowledging receipt of the report within 7 business days.
• Providing updates on the progress.
• Addressing the vulnerability prioritizing based on the expected impact.
• Coordinating public disclosure with the reporter once a fix is available.
    

Safe Harbor

We will not pursue legal action against individuals who:

• Engage in good faith security research.
• Report vulnerabilities through the designated channel.
• Avoid privacy violations, data destruction, or service disruption.

Out of Scope

The following activities are considered out of scope and should not be performed:

• Physical attacks on data centers or infrastructure.
• Social engineering or phishing against employees or customers.
• Denial-of-service attacks.

Recognition and Credit

We appreciate the efforts of security researchers and may offer public recognition for responsible disclosures with the reporter's consent.

Contact Information

For any questions regarding this policy, please contact our security team at  [email protected] .

Policy Updates

This policy may be updated from time to time. Please review it periodically for any changes.