Icotera Vulnerability Disclosure Policy

1: Owner information

Icotera Vulnerability Disclosure Policy

Objective:

At Icotera we are committed to providing CPE products that allow its customers to easily and effectively protect their users and their network from malicious actions.

This is done by ensuring the security of our Consumer Premises Equipment (CPE) products software and configuration recommendations.

This Vulnerability Disclosure Policy outlines the procedures for security researchers and individuals to responsibly report potential vulnerabilities in our products.

Icotera PSIRT

Issues relating to product security are handled by the Icotera Product Security Incident Response Team (PSIRT).

Scope:
This policy applies to all Icotera CPE products and associated services.

Reporting a Vulnerability:
If you have discovered a security vulnerability in an Icotera CPE product, we encourage you to report it to us in a responsible manner. Please follow these steps:

Submit Your Report:
– Email your findings to security@Icotera.com.
– Describe which model and firmware version that have been investigated.
– Include a detailed description of the vulnerability, along with steps to reproduce it.
– Attach any necessary supporting documentation (e.g., screenshots, proof-of-concept code).

Encryption:
– Encrypt your email using our PGP key to ensure the confidentiality of the communication.

Provide Contact Information:
– Include your contact information, including your name and email address.

Response Time:
– Icotera is committed to acknowledging receipt of your report within 72 hours.
– We will provide regular updates on the status of the investigation.

Responsible Disclosure Guidelines:

– Security researchers are expected to make reasonable efforts to avoid privacy violations, service disruptions, and destruction of data during their research.
– Do not disclose the vulnerability to the public or any third parties until Icotera has had a reasonable time to address the issue.

Our Commitment:

– Icotera is committed to working with security researchers to understand and address reported vulnerabilities promptly.
– We will provide public credit and recognition to the security researcher, with their consent, upon successful resolution of the vulnerability.

Legal Safe Harbor:

– Icotera will not pursue legal action against individuals who discover and report vulnerabilities in accordance with this policy.

Exceptions:

– This policy does not grant permission to engage in any activities that could harm Icotera or its customers.
– Icotera reserves the right to update this policy at any time without notice.

Contact Information:

– For any questions or concerns regarding this policy, please contact security@Icotera.com.

PGP Key:

– Icotera PGP key can be found here.

Thank you for helping us keep our products secure!
Icotera Security Team

Committed support dates:

Icotera will offer security update support to the products below, in compliance with UK PSTI (Product Security and Telecommunications Infrastructure Act), until the date specified below. Extended support beyond the below may be directly agreed upon between Icotera and its customers.

Product	Product Security Update Period & End of Support
Baldur f2140 Baldur f2141 Baldur f2240 Baldur f2241	5 years (until 31 December 2031)
Baldur fX310 Baldur fX311 Baldur fX410 Baldur fX411 Baldur fX710 Baldur fX711	5 years (until 31 December 2031)
Sága r2501 Sága r2701	5 years (until 31 December 2031)
i4860	5 years (until 31 December 2031)
i6401 i6405 i6407	5 years (until 11 December 2027)
i3550 i4850	5 years (until 1 January 2027)
i5204 i5208	5 years (until 11 December 2027)
i3560 i4862 i4882 i4883	5 years (until 11 December 2027)
i5901 i5905 i6901-20 i6905-20	5 years (until 1 January 2027)
i7208 i7404 i7408	5 years (until 11 December 2027)
Note: Products not listed here are either “End of Support” or in the “New Product Introduction” phase.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.