Sentiance Coordinated Vulnerability Disclosure (CVD) Statement

sentiance-cvp

At Sentiance, we prioritize the security and privacy of our users, partners, and systems. We recognize the importance of responsible security research and encourage ethical security researchers to report vulnerabilities they discover in our systems. To facilitate a coordinated approach to vulnerability disclosure, we participate in the Zerocopter program.

Reporting a Vulnerability:

If you believe you have discovered a security vulnerability in a Sentiance system, product, or service, we encourage you to report it through our official vulnerability disclosure program hosted by Zerocopter. To ensure a responsible disclosure process, please adhere to the following guidelines:

• Submit Reports via Zerocopter: All vulnerabilities should be reported through the Zerocopter platform to ensure a structured and timely response.

• Provide a Detailed Report: Include a clear description of the vulnerability, steps to reproduce it, potential impact, and any supporting evidence (e.g., screenshots, logs, or proof-of-concept code).

• Maintain Confidentiality: Do not disclose any vulnerability details to third parties before Sentiance has had the opportunity to assess and remediate the issue.

• Responsible Testing: Do not exploit the vulnerability beyond what is necessary to confirm its existence. Avoid actions that could compromise user data, disrupt services, or impact system availability.

Researcher Guidelines

Do's:

  • Report vulnerabilities as quickly as possible to minimize risks.
  • Keep vulnerability details confidential until they are resolved.
  • Provide sufficient information to reproduce the issue.

Don'ts:

  • Publicly disclose the vulnerability before resolution.
  • Attempt to exploit or escalate the vulnerability beyond proof-of-concept.
  • Modify, delete, or copy system data.
  • Copy, modify or delete data on the system. An alternative for doing so is making a directory listing of the system.
  • Use brute force attacks, denial-of-service and social engineering.

Our Approach to Report Handling

  • Acknowledge receipt of the report within a reasonable timeframe.
  • Investigate the issue and verify its validity.
  • Take appropriate remediation actions to address the vulnerability.
  • Keep researchers informed of relevant progress.

Legal Considerations

Sentiance will not pursue legal action against researchers who:

  • Act in good faith and adhere to our CVD policy.
  • Follow responsible disclosure guidelines.
  • Operate within legal boundaries and do not cause harm to Sentiance or its users.

However, any activities that violate applicable laws, exploit vulnerabilities beyond proof-of-concept, or result in harm to Sentiance or its users will not be tolerated.

We appreciate the valuable contributions of the security research community in helping us maintain a robust security posture. Thank you for your efforts in making our systems safer.

To submit a vulnerability, please refer to our Coordinated Vulnerability Disclosure.

 

Sentiance-logo-white

Sentiance is the leader in motion insights. Our mission is to save lives every day and shape the future of road safety. Unlike telematics companies, we focus on the driver and not the vehicle because most accidents are caused by human error.  

With our revolutionary on-device AI technology, companies use insights from The Edge Platform to produce scalable, cost-efficient, and privacy-centric solutions for their customers.

developed-with-flanders-support
footer-logos

© Sentiance NV.  -  a website by mimosa

Back to top Arrow