Responsible Disclosure Policy

At Bolt IoT, we take the security of our systems and data seriously, and we constantly work towards making our websites, applications and hardware devices safe for our customers to use. However, in the rare case when a security researcher or member of the general public identifies a vulnerability in our systems and responsibly shares its details with us, we appreciate their contribution, work closely with them to address such issues with urgency, and, if they want, publicly acknowledge their contribution.

How to report an issue?

If you have identified a vulnerability on any of our websites, apps or hardware devices, please follow the steps outlined below:

  1. Please contact us immediately by sending an email to support@boltiot.com with the necessary details to recreate the vulnerability scenario. This may include screenshots, videos or simple text instructions.

  2. If possible, share your contact details (email, phone number) with us, so that our security team can reach out to you if further inputs are required to verify or fix the vulnerability.

  3. If you intend to make the information public for educational or other such needs, please give us reasonable time to appropriately fix the problem before making such information public. Our security team will work with you to estimate and commit to such a time frame.

  4. If the identified vulnerability can be used to potentially extract information of our customers or systems, or impair our systems' ability to function normally, then please refrain from actually exploiting such a vulnerability. This is absolutely necessary for us to consider your disclosure a responsible one. While we appreciate the inputs of white-hat hackers, we may take legal recourse if the identified vulnerabilities are exploited for unlawful gains, to get access to restricted customer or system information, or to impair our systems.

Acknowledgements

We do not have a bounty/cash reward program for such disclosures, but we express our gratitude for your contribution in different ways. For genuine ethical disclosures, we would be glad to publicly acknowledge your contribution in this section on our website. Of course, this will be done only if you want a public acknowledgement.

Out of scope targets:

  1. http://beta.boltiot.com/
  2. http://metricsdev.boltiot.com/

A big thank-you!

  1. Gaurav Kumar (https://twitter.com/gdattacker)
  2. Maksym Bendeberia (https://www.linkedin.com/in/elle-klocht-b3897b1a4/)
  3. Shiraz Ali khan
  4. Nirmal Prajapati (https://www.linkedin.com/in/nirmalmprajapati/)
  5. G Bharat kalyan (https://www.linkedin.com/in/bharath-kalyan-476a651ba)
  6. Harsh Bhanushali (https://www.linkedin.com/in/harshbhanushali)
  7. Ereshwari Valmik (https://www.linkedin.com/in/ereshwari-valmik)
  8. Nikita Patel (www.linkedin.com/in/nikita-patel-1205n)
  9. Sanjith Roshan U (https://www.linkedin.com/in/sanjith-roshan-u-885095320)
  10. Muhammad Humza Zaheer (https://www.linkedin.com/in/hamza-zaheer-59b677183/)