This Vulnerability Disclosure procedure provides guidelines on how to submit discovered Vulnerabilities and how we will improve the security of our products and services.
Vulnerability(ies) for the purposes of this policy is defined as an attack against a product that can adversely affect its confidentiality, integrity and availability.
You can report a Vulnerability using the Report a Vulnerability form and must include the following information
The web form is intended for Vulnerability reporting only. Any business, technical or sales inquiries are not accepted. For other technical support information on our products or services, please visit our Epson New Zealand Support webpage.
The customer submitting the report will receive an acknowledgement of receipt from us within five working days when the report was lodged.
The received Vulnerabilities are checked by our technical team and the results are provided back to the reporter. In some case, we may decide that the Vulnerability is “not covered by the Vulnerability response” For example;
If we determine that the product is vulnerable, we will provide the reporter with a solution that addresses the Vulnerability or provide a workaround. Please note that when we provide the solution, we may ask the reporter to confirm the Vulnerability has been properly addressed.
If it is deemed necessary to inform customers other than the reporter, we will update our security notifications page as soon as the information can be disclosed, so that customers can implemented appropriate measures.
In addition, if the reporting party makes the disclosure, the reporting party may be requested to coordinate with Epson on the disclosure notice (e.g. not including information that may give the attacker an advantage) and the disclosure schedule.
We DO NOT offer any compensation for reporting Vulnerabilities. We sincerely appreciate those who take the time and effort to report Vulnerabilities in accordance with this document. Please acknowledge that there is no expectation of payment or compensation and that any future right to claim related to the submitted report is waived.
Regarding the disclosure of Vulnerabilities, the reporting party must not disclose Vulnerability related information to third parties without a valid reason. However, if you need to disclosure Vulnerability-related information for legitimate reasons, please consult us in advance.