We are a global compliant company and take the security of our products and services very seriously. Despite stringent quality standards for the security of these systems, it may occur that there still is a vulnerability that slipped through the cracks of our quality assurance processes.
Airmeet takes the security of its products and services very seriously. We believe responsible disclosure of any security vulnerabilities identified by security researchers is an essential part of that commitment to ensure stringent quality standards for the security of these systems. This Responsible Disclosure Policy (“Policy“) is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us. Responsible disclosure requires mutual trust, respect, and transparency between all members of the security community.
If you believe you have found a real or potential security vulnerability in any Airmeet-owned software or source code, then please report it to us as soon as possible at [email protected]. We would like to work with you to protect our customers and our systems in a better way.
We will acknowledge receipt of your vulnerability report as soon as possible. In case your vulnerability report is a ‘valid issue’ then we will strive to send you regular updates about our progress.
If you are curious about the status of your disclosure please feel free to email us again at the above-mentioned e-mail address. If for some reason you do not receive a response within a reasonable time from us then please follow up via email to ensure we received your original message.
Please do not submit a high volume of low-quality reports on security vulnerabilities.
Please DO NOT disclose the vulnerability until we have been able to correct it. See below for possible publication.
Acts under this Responsible Disclosure Policy should be limited to conducting tests to identify potential vulnerabilities, and sharing this information with Airmeet. If, after the vulnerability has been removed, you may publish information about the vulnerability on social platform or in public or to any third party, only with our prior written approval by notifying us at least one month in advance. Hence, you can identify us in public or before any third party only after giving our explicit written approval.
If you have any questions, we encourage you to address them to the Airmeet Security Team at [email protected]. In case of doubt about the applicability of this Policy, please contact us first via the above-mentioned e-mail address, to ask for an explicit permission.
Airmeet reserves the right to change the content of this Policy from time to time or to terminate the Policy at any time.
We are not offering cash rewards for any vulnerabilities. If your submission is valid, we will send you “Airmeet Swags” as a token of appreciation.