As a provider of security solutions, services, and research, ILLUMANT takes security issues very seriously. It is our policy to work and coordinate with other vendors with regards to discovered vulnerabilities, with the intention of keeping users and customers safe. This document will share our process for disclosure.

Outreach

ILLUMANT will reach out to the impacted vendor, vendors, or other, through the appropriate contact method to notify them of the existence of a discovered vulnerability with regards to their product or service offering. If a vendor did not publish a designated security contact on their website, ILLUMANT will attempt to contact relevant contacts and will email “security@” mailbox. When a secure method of communication is provided from the vendor(s) or other, ILLUMANT will share its findings. To ensure contact is made, ILLUMANT will make multiple, documented attempts to contact the vendor(s) or other, either directly or through third parties.

If no response is received from the impacted vendor(s) or other within two weeks, ILLUMANT may choose to release the findings publicly in order to notify and/or protect the great public.

Response Time

ILLUMANT will do its best to work with the appropriate vendor(s) or group over a 90-day time period to address the vulnerability with a patch. We will provide additional information, as well as assistance, to ensure the security issues identified is verified and resolved. At the end of the 90-day period, or before, in a case where the issue is resolved, ILLUMANT may publish its findings in order to notify and/or protect the great public.

With any security issue, we recognize that it may take longer than 90 days to address the security issues. In these circumstances, we will work with the vendor(s) or group on a case-by-case basis.

Other Parties

ILLUMANT reserves the right to discuss and disclose any discovered vulnerability with other parties or security vendors if we deem it is in the greater interest of providing a better overall response. Any such disclosure will be made responsibly, and the other party or security vendor must ensure proper action and disclosure should they take any action.

ILLUMANT will publish any security findings on its website and other locations, as deemed appropriate and responsible.

Anyone wishing to reach out to ILLUMANT regarding a security vulnerability may do so at info@illumant.com.