Declaration
Vulnerability Disclosure Policy
Introduction
Thank you for your interest in contributing to the security of our products and services. We, Shanghai Imilab Technology Co., Ltd., value the security of our systems and data, and we appreciate the efforts of responsible security researchers, penetration testers, and vulnerability hunters.
This Vulnerability Disclosure Policy ("Policy") outlines the process for security researchers to submit vulnerability reports to us and what to expect in return. It is designed to encourage the responsible disclosure of security vulnerabilities in our products and services.
Scope
This Policy applies to all IMILAB products and services, including but not limited to list specific products or services if applicable. This Policy does not apply to any systems, programs, or devices that are not owned or operated by IMILAB, including those of our partners or customers.
Our Commitment
1. Timely Response: We will acknowledge receipt of your report within 3 business days, and aim to provide a substantive response within 14 business days.
2. Clear Communication: We will engage with you to address the reported vulnerability and keep you informed of our progress towards a resolution.
3. Gratitude: We will publicly acknowledge, with your permission, your contribution to improving our security.
4. Legal Safe Harbor: We will not pursue legal action or initiate a lawsuit against you in response to your vulnerability report, provided you comply with this Policy.
Your Responsibilities
1. Report Immediately: If you discover a vulnerability, report it to us immediately.
2. Do Not Publicize: Do not disclose the vulnerability publicly until it has been resolved and we have given you permission to do so.
3. Do Not Disrupt: Do not use the vulnerability to disrupt our services, compromise user data, or engage in any behavior that could be considered illegal or unethical.
4. Scope of Testing: Limit testing to the extent necessary to identify, reproduce, and demonstrate a vulnerability.
Reporting a Vulnerability
To report a vulnerability, please submit a detailed report to us via help@imilab.com or the Issue Feedback Form below.
Your report should include:
-A description of the vulnerability.
-Steps to reproduce the vulnerability.
-Any proof-of-concept code or videos.
-Expected and actual results.
Security Support Lifecycle
We commit to providing security updates and support for our products and application services for a minimum of three years from the date of their initial market release.
Exclusions
This Policy does not apply to:
-Attempts to test, penetrate, or attack our systems without prior authorization.
-Any activity that is illegal or considered unethical.
-Any activity that disrupts or compromises our systems or data.
Policy Updates
We reserve the right to update this Policy at any time. Updates will be posted on our website without prior notice.
Contact Us
For any questions or further information, please contact us via help@imilab.com or the Issue Feedback Form below.
Thank You
We appreciate your efforts to help us maintain a secure environment for our users.
Shanghai Imilab Technology Co., Ltd.
Effective Date: October 31, 2024
Issue Feedback Form
PSTI Declaration of Conformity
- IMILAB C21_CMSXJ56B
- IMILAB C22_CMSXJ60A
- IMILAB EC3 Lite_CMSXJ40A
- IMILAB EC5_CMSXJ55A
- IMILAB EC6_CMSXJ65A
- IMILAB EC6 Dual_CMSXJ68A
- IMILAB EC6 Panorama_CMSXJ115A