Vulnerability Disclosure Policy (VDP) for Heimgard Wi-Fi Routers

1. Introduction

The purpose of this Vulnerability Disclosure Policy (VDP) is to provide clear guidelines for reporting security vulnerabilities in Heimgard’s Wi-Fi routers and access point products. Our aim is to work collaboratively with security researchers, ethical hackers, and other stakeholders to address vulnerabilities in a responsible and transparent manner.

This policy aligns with the legal requirements set forth by the EU NIS Directive, the UK NIS Regulations, the EU Cybersecurity Act, and the UK Product Security and Telecommunications Infrastructure (PSTI) Bill.

2. Scope

This VDP applies to all Internet routers and Wi-Fi access point devices manufactured or distributed by Heimgard Technologies. It includes all software, firmware, and hardware vulnerabilities that could impact the confidentiality, integrity, or availability of the devices.

Excluded from the scope:

  • Devices not manufactured by Heimgard Technologies.
  • Vulnerabilities related to third-party software or systems, unless these are embedded in our products.

3. How to Report a Vulnerability

We encourage the reporting of any security vulnerabilities discovered in our products. You can report them to us via the following methods:

Please include the following details in your report:

  • A detailed description of the vulnerability.
  • Steps to reproduce the vulnerability, if applicable.
  • Potential impact and risk assessment.
  • Any relevant proof of concept (PoC) or exploit code (optional).

4. Safe Harbor Provision

We respect the role of security researchers and ethical hackers in improving the security of our products. As long as your activities are conducted in a lawful and ethical manner, and in accordance with this policy, we will:

  • Not take legal action against you.
  • Work with you to remediate the vulnerability promptly.
  • Recognize your contribution, if desired, in public disclosures.

The following conditions must be met:

  • Avoid privacy violations, service disruptions, or damage to the system.
  • Act in good faith to avoid breaching any applicable laws, including data protection laws such as the General Data Protection Regulation (GDPR) (EU) and UK GDPR.
  • Comply with applicable export control laws when sharing vulnerability information.

5. Acknowledgment and Response Timeframes

  • Acknowledgment: We will acknowledge receipt of your report within 5 business days.
  • Initial Assessment: We will conduct a preliminary assessment of the vulnerability and provide feedback within 10 business days.
  • Resolution: We aim to address all validated vulnerabilities within 90 days from the date of submission. In certain cases, this timeframe may be extended, and you will be informed of the expected resolution time.

6. Disclosure Timeline

We follow a coordinated disclosure process:

  • Once a fix is available, we may work with you to publicly disclose the vulnerability, giving credit to the researcher if requested.
  • Public disclosure may occur before a fix is released if the vulnerability poses an imminent risk to users and a temporary mitigation can be provided.
  • We will notify our customers about the availability of firmware or software patches.

7. Types of Vulnerabilities Covered

We welcome reports on the following types of vulnerabilities:

  • Authentication flaws (e.g., default passwords, weak passwords).
  • Firmware issues (e.g., outdated cryptographic libraries).
  • Misconfigurations (e.g., open ports or default settings that expose risks).
  • Denial of service vulnerabilities.
  • Remote code execution risks.
  • Unauthorized access to sensitive data or control.

Exclusions:

  • Spam, phishing, social engineering or AI reports.
  • Vulnerabilities that rely on physical access to the device.
  • Issues already known or identified in public bug databases.
  • Customer or end-user misconfiguration.

8. Product Security Measures

As part of compliance with the EU Cybersecurity Act and UK PSTI Bill, Heimgard Technologies ensures that:

  • All routers and Wi-Fi access points are designed with security-by-design principles.
  • Regular security updates are issued, and users are notified.
  • We maintain secure communication channels, such as encrypted firmware updates and TLS-protected web interfaces.

9. Legal Compliance

This policy is designed to comply with:

  • NIS Directive (EU) and UK NIS Regulations.
  • EU Cybersecurity Act.
  • UK Product Security and Telecommunications Infrastructure (PSTI) Bill.
  • General Data Protection Regulation (GDPR) (EU and UK).

10. Contact Information

For any inquiries regarding this policy or for reporting a vulnerability, please contact:

  • Email: security-policies@heimgard.com
  • Phone: +47 64 94 44 22
  • Mail: Sommerrogata 13-15, 0255 Oslo, Norway

By adhering to this VDP, Heimgard Technologies ensures that security vulnerabilities in its internet routers and Wi-Fi access points are addressed in a responsible and timely manner, in compliance with UK and EU laws.
