Responsible Disclosure Policy
SmartRent takes security and privacy very seriously for our users, our products and our staff. If you have discovered a vulnerability, we encourage your help in disclosing this to us in a responsible manner.
SmartRent will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy, as well as our policies. At SmartRent’s discretion, you may be eligible for monetary compensation for your efforts if you are the first to report a vulnerability and include detailed information to reproduce the vulnerability. We will not take legal action against, suspend or terminate access to the platform those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. SmartRent reserves all of its legal rights in the event of any noncompliance.
Don’t disclose a bug or vulnerability in the public domain, prior to Responsible Disclosure without consent from SmartRent.
If a vulnerability is discovered, you are not authorized to exploit the vulnerability to compromise any data exposed and you are not authorized to view any data exposed by the vulnerability.
- Do not perform DDOS / spam attacks.
- Do not use scanners or automated tools to find vulnerabilities.
- Never perform phishing, social engineering or physical attacks against our users, employees, or infrastructure.
The scope of this policy includes vulnerabilities discovered on any of our mobile apps, the SmartRent platform, or any smart hubs used by our platform. If you have any questions about the scope of this policy, please contact [email protected].
How to Report an Issue
If you feel you have discovered a vulnerability within the scope of this disclosure policy, please contact [email protected]. In your email, please provide us with an email address for use in order to invite you to our triage systems. Do not send your submission to this address. Once you have received the invite, only then will your submission be accepted with the following information you will need to provide.
In reporting vulnerabilities, please send details of:
- Suspected vulnerability including reproduction steps that we can follow as well as the date and time identified.
- Ensure that your submission is within the scope of this disclosure agreement.
All correspondence will be done via our secure triage system and our security team will validate and investigate any details you provide immediately. All communication with you will be done within our triage portal.
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----