Vulnerability Disclosure Policy

Version: v1.1
Last Updated: 5th April 2024

At Audinate® we take the security of our products and systems seriously and we value the work done by the security community. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users.

This vulnerability disclosure policy is intended to give security researchers a clear scope and guidelines for conducting vulnerability testing of Audinate websites, web services and Dante® products, and to explain how to submit reports of discovered vulnerabilities to us.

 

Guidelines

 

Audinate requests adherence to the following guidelines when conducting vulnerability testing:

  • Avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data
  • Only use exploits to the extent necessary to confirm a vulnerability’s presence
  • Do not use attacks that directly target customers or staff (physical testing, social engineering, etc.)
  • Do not use attacks that impact the availability of services (denial of service, etc.)
  • Do not reveal the problem to others until it has been resolved

These guidelines are designed to be compatible with good practice coordinated vulnerability disclosure processes. They do not give you permission to act in any manner that is against the law, or which might cause Audinate or any other organisations to be in breach of any legal obligations.

We value those who take the time and effort to report security vulnerabilities; however, we do not offer monetary rewards for vulnerability disclosures. If desired, we will publish your name/alias as recognition after the completion of the vulnerability disclosure process.

 

Scope

 

All Audinate websites and web services

  • *.audinate.com
  • *.getdante.com
  • audinate.my.site.com

All Audinate Dante products

  • Dante Activator
  • Dante API
  • Dante Application Library
  • Dante AVIO™ Adapters
  • Dante AV-A
  • Dante AV-H
  • Dante AV Ultra
  • Dante Broadway
  • Dante Brooklyn II
  • Dante Brooklyn 3
  • Dante Connect
  • Dante Controller
  • Dante Embedded Platform
  • Dante Director
  • Dante Domain Manager
  • Dante HC
  • Dante IP Core
  • Dante Pro S1
  • Dante Studio
  • Dante Ultimo
  • Dante Updater
  • Dante Virtual Soundcard
  • Dante Via

Reporting

 

If you believe you’ve found a security vulnerability in one of our products or platforms, please send a report to security@audinate[.]com. If you’d like to encrypt the information, please use our PGP key from www.audinate.com/.well-known/security.txt

Please include the following details with your report:

  • Description of the location/product and potential impact of the vulnerability
  • A detailed description of the steps required to reproduce the vulnerability (PoC scripts or screenshots are helpful)

We do not want to receive any:

  • Sensitive Personally Identifiable Information (PII)
  • Credit card data

What to expect from us:

  • Within 5 business days we will acknowledge the receipt of the report
  • Whilst we cannot provide patches in a fixed timeframe, we will maintain an open dialogue and endeavour to keep you informed at every stage of the process
  • If you have followed our guidelines, we will not take legal action against you in regard to the report
  • If desired, we will publicly publish and recognize your contribution, if you are the first to report the issue