Amino understands the importance of security in our products. We believe that the responsible disclosure of any security vulnerabilities identified by security researchers plays an important role in how we conduct our business.
Amino accepts vulnerability reports from all sources including independent security researchers, industry partners, vendors and customers. We define a vulnerability as a flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.
How to report a suspected vulnerability
Amino ask security researchers to share details of any suspected vulnerabilities via email to email@example.com. If you feel the need, please use our PGP public key to encrypt your communication with us.
At a minimum please include the following information with your initial submission:
- Your assessment of the Severity (Critical/High/Medium/Low)
- Name of your Service Provider
- Details of the Amino product the report relates to including at least the model, serial number
- Short description
- Steps to reproduce (please be as detailed as possible; include screenshots if applicable)- Date and time of your testing
- Preferred contact method (e.g. phone, email)
Amino will acknowledge submitted reports within 3 working days. Amino asks that all parties respect a 90 day hold-off period before making full disclosure.