Report Vulnerability
Introduction
This Vulnerability Disclosure Policy (VDP) defines the activities for security researchers to find and report vulnerabilities in IoT solutions including cloud services, mobile application and smart home appliances, Smart TVs and EVCs in a legally authorized manner. Security researchers can be any persons of any age or affiliation located anywhere in the World. This policy is effective as ofJan 3, 2024.
Overview
This policy is the "act of initially providing vulnerability information to a party that was not found to
be previously aware." The individual or organization that performs this act is called the reporter or
security researcher.
We, as Vestel Electronics Inc., consider security and privacy issues/vulnerabilities seriously and to
improve/enhance the security level of our end2end IoT Solutions including mobile apps, back-end
solutions and IoT devices such as home appliances, Smart TVs and EVCs. We gladly wait for
feedback/report from security researches. If an information about potential vulnerabilities is reported
to us, the VDP and incident response plan will be used in mitigate or remediate actions for the IoT
solution related vulnerabilities.
Scope
All IoT devices including smart home appliances, Smart TVs, EVCs and related end2end IoT solutions
including back-end systems, mobile applications are covered within the scope of the VDP.
Also, a researcher determines a vulnerability which includes any sensitive data (including personally
identifiable information, financial information, or the proprietary information or trade secrets of any
party), they must stop testing, notify relevant e-mail address immediately through our vulnerability
submission process, and not disclose this data to anyone else. If a researcher engages in any activities
that are inconsistent with this procedure or other applicable law, the researcher may be subject to
criminal and/or civil liabilities.
Guidelines
Under the VDP, researchers should take the activities required that: