DNX Vulnerability Disclosure and Reporting Policy

Publish Date: 2024-04-22
At DNX(Delta Networks (Xiamen) Ltd.), safeguarding the security of our IoT devices and associated services is paramount. This policy stands as a cornerstone of our security program, underscoring our belief that collaboration with the security industry accelerates the identification and resolution of security issues. We actively encourage responsible investigation and reporting of security concerns directly to DNX.
Kindly report all security issues via our dedicated email: [email protected].
Scope of Policy
This policy encompasses all identified security issues—known or potential—in any DNX IoT devices or system. This spans across Wi-Fi, Bluetooth, LTE, Ethernet and Zigbee modules, DNX's APP, websites and systems, as well as the server APIs of them.
Expectations for Disclosers
Contributing to the global good, we kindly request adherence to the following guidelines:
Act Promptly: Notify us as soon as possible upon discovering a real or potential security issue.
Give Us Time: Refrain from disclosing issues to others until we've had adequate time to address them.
Respect Confidentiality and Privacy: Avoid retaining or disclosing confidential information to others,including DNX's or others' confidential information and personal details.
Do No Harm: Abstain from actions affecting user experience, systems, or the confidentiality, integrity, or availability of data. This includes avoiding excessive attempts impacting server availability, viewing or extracting information exposing it to further security issues, attempting unauthorized access to systems, altering public-facing material, and engaging in non-technical testing dependent on the actions of people.
Provide Complete Information: Furnish us with as much relevant information as possible.
Be Honest: Share only accurate information; refrain from providing false or misleading information,misrepresenting your identity, or presenting inaccurate technical details.
Our Commitment to the Cyber Security Community
In alignment with this policy, DNX commits to:
Respond Promptly: Acknowledge your initial report within one week.
Collaborate as Necessary: Work with you to understand the issue if not apparent from your initial report.
Remediate Promptly: Prioritize and remediate vulnerabilities based on their severity.
Legal Framework
DNX adhere to all applicable laws, rules, and regulations and expect the same from you. This policy does not establish private obligations or form a contract between DNX and any other party. While DNX retains sole discretion to decide whether to compensate for disclosures, no compensation will be provided to individuals on a government sanctions list or in a country on such a list.