Security Center
Last Updated: August 1st, 2024
Welcome to the DESLOC Security Resources Center. This secure site is constructed to provide a destination for reporting known security issues with DESLOC products or technologies. Experienced industry experts will identify, analyze, and respond to known vulnerabilities and provide action steps to help you manage security risks.
For information and instructions on how to use the DESLOC Security Resources Center, review the Disclosure Policy and Reporting Guidelines below.
Disclosure Policy
DESLOC believes that the disclosure of vulnerabilities is essential to improving the quality of our products and services. DESLOC values the insights of the security research community and welcomes disclosure and collaboration.
Through our responsible disclosure process, DESLOC will work with security researchers and other vulnerability investigators to make our products and services more secure by providing a mechanism to privately report vulnerabilities with legitimacy and integrity. Responsible disclosure ensures that security infrastructure is tested and proven reliable. This process allows us to work collaboratively with the researchers to identify and mitigate vulnerabilities quickly in an ever-changing security environment.
The following is DESLOC's responsible disclosure policy:
DESLOC will disclose known vulnerabilities and their fixes to its customers in a manner that protects the end-users of our products. Disclosures made by DESLOC will include credit to the person who first identified the vulnerability, unless they request otherwise.
DESLOC is open to communication and working with security researchers who come to DESLOC with a shared interest to improve security and coordinate the distribution of information, including both the vulnerability and the solution that addresses it.
DESLOC does not have a bounty program or a monetary award for researchers. However, DESLOC will provide credit and publicly acknowledge, in a written advisory, the work of a security researcher who privately brings the company valid information about a vulnerability and then works with DESLOC to coordinate the public announcement after a fix or patch has been developed and tested.
Security researchers are allowed to post a link to the DESLOC advisory on their own web sites as recognition for helping minimize risks and helping end-users protect themselves.
We ask the security researcher community to work with DESLOC to coordinate the public disclosure of a vulnerability. Prematurely revealing a vulnerability publicly without first notifying DESLOC could hurt end-users, exposing sensitive information and putting people and organizations in danger of malicious attacks.
To that end, DESLOC strongly advocates a two-step process: first, private disclosure of a potential vulnerability to DESLOC. Once the vulnerability is validated and resolved, DESLOC coordinates the public disclosure, which includes the recognition of the security researcher’s discovery, confirming that credit is given to the right person(s).
We ask that researchers recognize that our actions to investigate, validate and remediate reported vulnerabilities vary based on complexity and severity. We will communicate expected timelines and changes, and collaborate where possible. Additionally, we request that researchers not utilize Denial of Service tools or compromise DESLOC user infrastructure or personal information while performing testing or evaluation. If this kind of testing is necessary, we request that they contact us so that we may provide testable products in a non-production environment for such purposes where reasonably possible.
Like other leading companies, DESLOC applies industry best practices for coordinated disclosure of vulnerabilities to protect the security ecosystem, ensuring that customers get the highest quality information and driving public discourse about ways to improve products, protocols, methodologies, standards and solutions.
As part of its responsible disclosure program, DESLOC is seeking relationships with security researchers who adhere to a coordinated, shared responsibility approach to publicly disclosing a vulnerability. DESLOC invites security researchers and other vulnerability investigators to join us in this effort.
Reporting Guidelines
Steps to Report a Vulnerability.
Please report any potential or real security vulnerability claim to the DESLOC Security Resources Team via email at support@desloc.com. Please encrypt your email with PGP and this public key.
Please include the information below in your email report:
First and last name
Company name
Contact phone number (optional)
Preferred email contact
General description of vulnerability
Product containing vulnerability (hardware & software versions), part numbers
Tools, hardware and other configurations required to trigger the event
Any security or service pack updates applied
Document instructions to reproduce the event
Sample code, proof of concept or executable used to produce event
Definition of how the vulnerability will impact a user including how the attacker could breach security on-site
Affected product
System Details
Technical Description and steps to reproduce
Proof of concept (provide link)
Other parties and products involved
Disclosure plans/Dates/drivers
What was the purpose and scope of research being performed when found (context)