Responsible Disclosure Policy

Amino understands the importance of security of our products and we believe that the responsible disclosure of any security vulnerabilities identified by security researchers plays an important role in this.

Security Researchers

Amino accepts vulnerability reports from all sources including independent security researchers, industry partners, vendors and customers. We define a vulnerability as a flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.

How to Report a Suspected Vulnerability

Amino ask security researchers to share details of any suspected vulnerabilities via email to security-alert@amino.tv. If you feel the need, please use our PGP public key to encrypt your communication with us.

At a minimum please include the following information with your initial submission:

  • Your assessment of the Severity (Critical/High/Medium/Low)
  • Name of your Service Provider
  • Details of the Amino product the report relates to including at least the model, serial number
  • Short description
  • Steps to reproduce (please be as detailed as possible; include screenshots if applicable)
  • Date and time of your testing
  • Preferred contact method (e.g. phone, email)

Amino will acknowledge submitted reports within 3 working days. Amino asks that all parties respect a 90 day hold-off period before making full disclosure.