Vulnerability Disclosure Policy


Introduction 

At SCRAM Systems, we take the security of our systems seriously. We value the contributions of security researchers and strive to keep our customers’ information safe. This policy outlines how you can report vulnerabilities to us and what you can expect from us in return. 

Reporting a Vulnerability 

If you believe you have found a security vulnerability in one of our products or services, we encourage you to let us know right away. We appreciate your help in making our systems more secure. 

To report a vulnerability: 

  1. Contact: Send an email to ATT.Firstresponderproblem@scramsystems.com with the details of the vulnerability. 
  2. PGP Key: If you prefer to encrypt your message, we will provide our PGP key upon request.
  3. Information to Include: 
    • Description of the vulnerability 
    • Steps to reproduce the vulnerability 
    • Any potential impact 
    • Your contact information for follow-up 

Our Commitment 

When you share your findings with us: 

  • We will acknowledge receipt of your report within 7 business days. 
  • We will provide you with an estimated time frame for addressing the vulnerability. 
  • We will notify you when the vulnerability has been fixed and an update is available. 
  • We will keep you informed of the progress of the fix. 

Our Pledge 

To show our appreciation for responsible disclosure, we pledge to: 

  • Not pursue legal action against you for reporting vulnerabilities, provided you adhere to our policy. 
  • Work with you to understand and resolve the issue quickly. 

Guidelines 

To ensure responsible disclosure, we ask that you: 

  • Give us reasonable time to address the issue before making any information public. 
  • Avoid actions that could harm the integrity of our systems, such as social engineering, physical security breaches, or denial of service attacks. 
  • Follow all applicable laws. 

Scope 

This policy applies to vulnerabilities in SCRAM Systems products and services, including: 

  • SCRAM GPS 9 Plus 

Out of Scope 

The following are generally outside the scope of our vulnerability disclosure program: 

  • Issues related to outdated browsers/plugins 
  • Denial of Service attacks 
  • Any other specific exclusions 

Contact Us 

If you have any questions about this policy, please contact us at ATT.Firstresponderproblem@scramsystems.com

Thank you for helping to keep SCRAM Systems and our users safe!