You found a security vulnerability in one of the Talarian products, and you want to report it to us. This article explains our policy in this respect and the procedure for reporting a security vulnerability you discovered in YAMM.
No technology is perfect, and Talarian believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you think you've found a security issue in one of the Talarian products, we encourage you to notify us at secalert@talarian.io. We welcome working with you to resolve the issue promptly.
Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to resolve the issue quickly.
Talarian values the members of the independent security research community who find security vulnerabilities and work with us so that security fixes can be issued to all customers. When a fix for the reported security bug is issued, Talarian's policy is to credit all researchers in the Release Notes. To receive credit, security researchers must follow this policy’s best practices, including:
- to only interact with accounts you own or with the explicit permission of the account holder;
- to not disclose the vulnerability to the public or to any third party before Talarian releases a fix for it;
- to not disclose specifics of the issue, for example, through exploits or proof-of-concept code;
- to refrain from causing any privacy violations, destruction of data, and interruption or degradation of our service.
Also, while researching, we'd like to ask you to refrain from:
- Denial of service.
- Spamming.
- Social engineering (including phishing) of our staff or contractors.
- Any physical attempts against our property.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct, and we will not initiate legal action against you. If legal action is undertaken by a third party against you in connection with activities conducted in compliance with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.