Reporting Vulnerabilities in Embever Products
At Embever, safeguarding our products and ensuring the security of our customers is our top priority. We encourage researchers, partners, customers, and other stakeholders to report any potential vulnerabilities in our products. By working together, we can identify and address potential issues promptly, keeping our systems secure.
What is a Vulnerability?
A vulnerability is a weakness or flaw in a software or hardware product that, if exploited, could compromise its security. Examples include coding errors, configuration oversights, or insufficient access controls that might impact the confidentiality, integrity, or availability of a product.
How to Report a Vulnerability
If you have discovered a vulnerability in any Embever product, please follow the steps below to report it:
Contact the Embever Cyber Security Team
Email our cyber security team at cybersecurity@embever.com. Please use “Vulnerability Report” in the subject line to ensure a swift response.
For security reasons, we recommend using PGP encryption to protect any sensitive information you share with us. Our public PGP key is available via this link: Public PGP Key for Embever Cyber Security Response Team for secure communication.
Include the Following Information
To help us investigate and resolve the issue, please provide as much detail as possible, including:
- Affected Product: Name and version of the product.
- Vulnerability Description: A clear explanation of the vulnerability and its potential impact.
- Proof of Concept: Steps to reproduce the vulnerability or relevant code snippets (if available).
- Disclosure Status: Let us know if this vulnerability has already been publicly disclosed.
- Disclosure Coordination: Indicate if you’re willing to work with us on a coordinated disclosure.
What to Expect After Reporting
- Acknowledgment: We will confirm receipt of your report within three business days.
- Assessment and Investigation: Our team will assess the report and conduct a preliminary evaluation of the vulnerability. We may reach out to you for additional information if needed.
- Remediation Timeline: Once verified, we will prioritize the vulnerability and work towards a resolution. We will provide updates on our progress, including any timelines for remediation.
- Final Notification: When a fix or mitigation is ready, we will notify you prior to public disclosure. If the severity warrants it, we will also publish an advisory on our website.
Responsible Disclosure
Embever is committed to responsible disclosure and appreciates the cooperation of security researchers. If you wish to remain anonymous, we respect your privacy and will handle your report with the same thoroughness.
Recognition
As a token of our appreciation, we are happy to acknowledge contributors in our official advisories if desired. We value the support of the security community in maintaining our products’ security.
Contact Us
For any questions about our vulnerability handling process or if you need assistance with reporting, feel free to reach out to cybersecurity@embever.com. Your efforts play a crucial role in helping us keep Embever products secure.
Thank you for helping us protect our customers and enhance our products’ security.