Vulnerability Handling Policy
Connected Technologies, LLC. (CT) has a robust product security vulnerability and response handling policy
You can receive reports related to potential security vulnerabilities in CT products and services and learn about our standard practices in informing customers of verified vulnerabilities.
CT follows secure development principles throughout our product development lifecycle. We expand and improve on our secure-development programs on a continuing basis. As a part of our standard procedures, we implement secure design principles, developer training, and extensive testing programs.
We follow a standard process to address vulnerabilities and notify our customers
Vulnerability report received: CT encourages customers and researchers to use encrypted emails to transmit confidential details to our Vulnerability Response Team. CT will investigate a suspected vulnerability in our products and confirm receipt of the vulnerability report within seven business days.
Verification: CT engineers will verify the vulnerability and provide assessment.
Resolution development: CT strives to deliver critical fixes and mitigations to the customer base as rapidly as our stringent quality-control standards allow; testing and verification is often a time-intensive process.
Notification: CT will disclose the minimum amount of information required for a customer to assess the impact of a vulnerability in their environment, as well as any steps required to mitigate the threat. CT does not intend to provide details that could enable a malicious actor to develop an exploit.
CT welcomes your questions or comments regarding this Vulnerability Handling Policy. If you believe that CT has not adhered to this Statement or to report a vulnerability, please contact CT at:
Connected Technologies, LLC.
PO Box 1266
Monument, CO 80132-1266
Effective as of January 1, 2019