Coordinated Vulnerability Disclosure
Silent Breach supports responsible disclosure of security vulnerabilities.
Protecting our customers along with third-party vendors.
As security researchers ourselves, we deeply understand the implications of disclosing 0-day vulnerabilities before they have been patched or the patches deployed in the field. As part of our pledge to protect our customers and other vendors, we strive to always disclose security issues in a responsible manner. Silent Breach is also available to assist others in that process. Please reach out here or send us an email at incident@silentbreach.com if you need help communicating with a particular vendor, would like Silent Breach to reach out on your behalf, or wish to report a vulnerability in one of our own products.
Vulnerability disclosure guidelines
In order to protect our customers, please use the following guidelines whenever sharing a newly discovered vulnerability:
- Please share a full vulnerability description with either Silent Breach or the vendor. This should include as many details as possible, including the OS version, software version, ports used (if applicable), and the versions of any other resources used. Please include the potential impact on users and systems.
- If possible, please share a proof of concept including the necessary tools and environment to be used to reproduce the vulnerability.
- Please also share any other limitations or conditions necessary for carrying out the exploit.
- Wherever applicable, do not publicly disclose the vulnerability until the vendor has deployed a patch.
- Please use our public GPG key to encrypt any information you wish to share.
- Please indicate whether you wish to remain anonymous during this process.