VULNERABILITY DISCLOSURE POLICY



This page describes the methodology of CHH-Microtechnique SA. to receiving reports describing vulnerabilities identified on this website.



Customers, users, researchers, partners and any other person that interacts with the products and services of CHH-Microtechnique SA. are encouraged to report identified vulnerabilities and errors. The standard method to submit vulnerability reports to CHH-Microtechnique SA. is to send an email to the dedicated email address: responsibledisclosure@chh-microtechnique.ch.



The Terms of use and the Privacy policy of CHH-Microtechnique SA. apply, except where stated otherwise.



Please note that supplying your contact information with your report is entirely voluntary and at your discretion. If you do submit your contact information, CHH-Microtechnique SA. will only use it to process your report and to get in touch with you, if necessary.



CHH-Microtechnique SA. may use your report for any purpose deemed relevant by CHH-Microtechnique SA.. To the extent that you propose any changes and/or improvements to a product or service in your report, you assign to CHH-Microtechnique SA. all use and ownership rights to such proposals.



By submitting a vulnerability report to CHH-Microtechnique SA., you further agree to the following terms:



    
	
  • You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to CHH-Microtechnique SA.), the discovered vulnerabilities and/or errors;
    • 
	
  • You have not engaged, and will not engage, in testing/research of systems with the intention of harming CHH-Microtechnique SA., its assets, customers, employees, partners or suppliers;
    • 
	
  • You have not used, misused, deleted, altered or destroyed, and will not use, misuse, delete, alter or destroy, any data that you have accessed or may be able to access in relation to the discovered vulnerability and/or error;
    • 
	
  • You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks;
    • 
	
  • You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that a vulnerabilities and/or errors has been reported to CHH-Microtechnique SA.;
    • 
	
  • CHH-Microtechnique SA. does not guarantee that you will receive any response related to your report. CHH-Microtechnique SA. will only contact your regarding your report if it is deemed necessary;
    • 
	
  • You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by CHH-Microtechnique SA.
    •