Metrikus takes security issues extremely seriously and welcomes feedback from external security researchers in order to improve the security of our service provided over IoT gateway devices.
As part of our continued drive to minimise risk through the integrated management of quality, information security, asset management and business continuity Metrikus operate a policy of coordinated disclosure for dealing with reports of security vulnerabilities and issues.
For vulnerability disclosures to be valid they must relate to devices over which the Metrikus service is communicated and not relate to non-specific or generic vulnerability disclosures. Only those that are present within service recipient’s infrastructure are valid.
To privately report a suspected security issue to us, please send an email to firstname.lastname@example.org, giving as much detail as you can. If the suspected security issue is confirmed we shall:
- Acknowledge receipt of the disclosure
- Come back to you with an estimate of how long a resolution will take to develop; and
- Once a resolution has been released we shall notify you and recognise your efforts directly as well via this page.
You must agree to our Vulnerability Disclosure Policy in order for your disclosure to be eligible. This can be found below.
All such vulnerability disclosures shall be tracked using our IoT Security Vulnerability Disclosure Incident Process and allocated a unique reference to enable identification of the disclosure and subsequent actions.
The range of information we would find useful for any device related vulnerability disclosure includes:
- Device type, manufacturer and model number - Installation location of the device
- Details of the vulnerability/threat affecting the device
The Security Team of Metrikus would like to thank you in advance for any disclosures submitted to us.