Responsible Disclosure Policy

This policy outlines how the ONEKEY Research Lab handles responsible vulnerability disclosure to product vendors and the general public.

Introduction

ONEKEY is a platform for automated security analysis and compliance checks of IoT firmware. Our mission is to secure the Internet of Things. In order to discover vulnerabilities and vulnerability patterns within IoT devices and to further enhance automated identification that allows for scalable detection within ONEKEY, we conduct extensive security research in the area of IoT. By fixing existing vulnerabilities and applying the latest security patches to affected devices, vendors, manufacturers and end users all play integral roles in securing the Internet of Things. Whenever the ONEKEY Research Lab discovers vulnerabilities in IoT firmware, we aim to responsibly disclose relevant information to the vendor of the affected IoT device as well as the general public in a way that minimizes potential harm and encourages further security analyses of IoT systems.
But…
ONEKEY Research Lab respects the privacy of its clients and the confidentiality of analyses conducted via the ONEKEY platform. As such, ONEKEY Research Lab will not publicly release any vulnerabilities identified by its clients via the ONEKEY platform.

Disclosure Process

Working with Vendors

ONEKEY Research Lab