Vulnerability disclosure policy

Introduction

Monimoto, UAB is committed to the safety and security of our customers’ data and our systems. We highly value the role of security researchers in our continuous effort to improve our security posture. This policy aims to encourage responsible vulnerability research and disclosure.

Authorization

When security research is conducted in accordance with this policy, Monimoto, UAB considers it to be authorized. We commit to not taking legal action against such research and to working collaboratively to understand and remediate reported issues.

Guidelines

Researchers are expected to:

  • Notify us as soon as possible after discovering a potential vulnerability.
  • Avoid violating privacy, degrading user experience, disrupting production systems, and altering data.
  • Cease testing and notify us immediately if sensitive data is encountered during research.
  • Refrain from the use of any kind of Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack.

Scope

This policy applies to the following Monimoto, UAB systems and services:

  • The websites monimoto.com, cyclooptracker.com
  • Monimoto mobile applications
  • Monimoto backend services
  • Monimoto hardware devices

Please refrain from testing any services not explicitly mentioned above unless previously authorized.

Reporting a Vulnerability

Vulnerability reports should be sent to [email protected] and should include a description, the location of the vulnerability, and steps needed to reproduce the issue. Reports can be submitted anonymously, but if you include contact information, we will acknowledge receipt of your report within 5 business days.

Response and Transparency

Upon receipt of a report, we will:

  • Acknowledge receipt within 5 business days.
  • Validate the vulnerability in a timely manner.
  • Communicate our progress during the remediation process.
  • Engage openly with the reporting researcher throughout the process.

Compensation

Monimoto, UAB does not offer monetary compensation for vulnerability disclosures.

Questions and Feedback

For any queries or suggestions about this policy, please reach out to [email protected].

Document Change History

Version 1.0 – 2024 April 24 – Initial publication.

Note: This policy is subject to review and change to align with best practices and legal requirements.

Monimoto 9 GPS tracker and Key Fob

Get monimoto

Make life harder for thieves!