Vulnerability Disclosure Policy
Effective Date: 9 May 2025
At Univers, we are committed to ensuring the security of our systems and data. We value the contributions of security researchers and the wider community in helping us identify and address potential vulnerabilities. This policy outlines our approach to receiving, investigating, and responding to security vulnerability reports. We encourage you to report any security vulnerabilities you may discover in our products, services, or infrastructure.
Reporting a Security Vulnerability
If you believe you have found a security vulnerability, please submit your report to us via one of the following methods:
- Email: Security@univers.com
When submitting your report, please provide as much detail as possible, including:
- A clear and concise description of the vulnerability.
- The affected product, service, or URL.
- Steps to reproduce the vulnerability (including any specific configurations or inputs).
- The potential impact of the vulnerability.
- Any relevant supporting information, such as screenshots, proof-of-concept code, or tool outputs.
Please refrain from publicly disclosing the vulnerability until we have had a reasonable opportunity to investigate and address it.
Our Commitment
We are committed to handling all vulnerability reports in a timely and professional manner. Here are our typical timelines:
Initial Acknowledgement: Upon receiving your report, we will make our best effort to acknowledge receipt as soon as possible. This initial communication will confirm that we have received your report and are reviewing it.
Status Updates: We understand the importance of keeping you informed about the progress of our investigation and remediation efforts. We will provide you with periodic status updates until the reported issue is resolved. The frequency of these updates may vary depending on the complexity and severity of the vulnerability.
Notification of Fixed Vulnerabilities: Once a security update addressing the reported vulnerability is available for our affected products or services, we will provide details of the fixed vulnerabilities in our product release notes.
Our Process
Once a vulnerability report is received, our security team will:
- Conduct an initial assessment to validate the report and understand its potential impact.
- Work to reproduce the vulnerability and gather necessary information.
- Develop and implement appropriate remediation steps.
- Test the fix to ensure its effectiveness.
- Deploy the fix to the affected systems or services.
- Communicate the resolution and availability of the security update.
Our Expectations from Reporters
We appreciate your responsible and ethical approach to vulnerability disclosure. We ask that you:
- Provide us with sufficient information to reproduce and understand the vulnerability.
- Avoid causing any disruption, degradation, or unauthorized access to our systems or data during your testing.
- Refrain from exploiting the vulnerability or disclosing it publicly before we have had a reasonable time to address it and users have had a reasonable time to apply the necessary updates.
- Act in good faith and assume that we will take appropriate action to address the reported vulnerability.
Safe Harbor
We consider activities conducted in accordance with this policy to be authorized and will not initiate legal action against individuals who submit vulnerability reports in good faith. We appreciate your efforts in helping us improve our security posture.
Thank you for helping us keep our systems and users safe.
Univers