Skip to main content

Nordlox Legal Hub:

Vulnerability Disclosure Policy

Vulnerability Disclosure Policy

At Nordlox, we take the security of our systems and data seriously. We value the contributions of the security research community and welcome reports of vulnerabilities discovered in our products or services. This policy outlines the process for responsibly disclosing vulnerabilities to us, helping to protect the safety and security of all users.

1. Reporting a Vulnerability

If you believe you have discovered a vulnerability in one of our systems or services, we encourage you to report it to us promptly and responsibly. To report a security issue, please follow these steps:

How to Report
Email us at security@nordloxsecure.com with the following details:

  • A clear description of the vulnerability.
  • Steps to reproduce the issue.
  • Any relevant screenshots, proof of concept, or other supporting information.
  • Your contact information (mandatory), please include the information below in your email report:
    • First and last name
    • Company name
    • Contact phone number (optional)
    • Preferred email contact
    • General description of vulnerability
    • Product containing vulnerability (hardware & software versions), part numbers
    • Tools, hardware and other configurations required to trigger the event
    • Any security or service pack updates applied
    • Document instructions to reproduce the event
    • Sample code, proof of concept or executable used to produce event
    • Definition of how the vulnerability will impact a user including how the attacker could breach security on-site
    • Affected product
    • System details
    • Technical description and steps to reproduce
    • Proof of Concept (provide link)
    • Other parties and products involved
    • Disclosure plans/dates/drivers
    • What was the purpose and scope of research being performed when found (context)?

What to Avoid

  • Please refrain from publicly disclosing the vulnerability until we have resolved the issue.
  • Do not exploit the vulnerability beyond demonstrating it in a controlled manner.
  • Avoid accessing, modifying, or deleting data that does not belong to you.

2. Our Commitment to You

We appreciate your efforts in identifying potential security vulnerabilities. In return, we commit to:

  • Acknowledging your report within 48 hours.
  • Investigation and Response: We will promptly investigate the reported issue and provide you with an update on the resolution process.
  • Fix and Resolution: We aim to address verified vulnerabilities as quickly as possible, based on their severity.
  • Credit and Recognition: If you wish, we will acknowledge your contribution in our public Hall of Fame or through other forms of recognition.

3. Safe Harbor

We offer safe harbor to researchers who follow this policy in good faith. If you report a vulnerability responsibly, we will not take legal action against you for accessing Nordlox systems or services to test the vulnerability, provided you follow these guidelines:

  • Act in Good Faith: Report issues promptly and responsibly, without exploiting the vulnerability for personal gain.
  • Do Not Cause Harm: Avoid any actions that could negatively impact the data, privacy, or security of users or systems.

4. What We Consider In-Scope

We encourage reports on vulnerabilities related to the following:

  • Nordlox Websites and Web Applications
  • Nordlox Mobile Apps and Software
  • Nordlox Product (mechanical or smart system)
  • Nordlox APIs and Services
  • Other Nordlox-owned Digital Infrastructure

Out of Scope

  • Vulnerabilities related to outdated software, unsupported browsers, or devices.
  • Social engineering, phishing, or any form of human manipulation.
  • Denial-of-Service (DoS) attacks or spam campaigns.

5. Legal Disclaimer

While we welcome and encourage responsible disclosure of vulnerabilities, Nordlox reserves the right to review and validate the submission. We are not liable for any harm caused during the discovery process, provided the researcher follows the terms outlined in this policy.

6. Recognition and Reward

If your report leads to the identification and resolution of a security vulnerability, we may offer a reward or recognition based on the severity of the issue and its impact. Please let us know if you wish to remain anonymous.

7. Updates and Changes

We may update this Vulnerability Disclosure Policy from time to time. All changes will be reflected on this page with the “Last Updated” date. We encourage you to review the policy periodically.

8. Contact Us

For any questions related to this Vulnerability Disclosure Policy, please contact us at:
Email: legal@nordloxsecure.com
Phone: +45 7022 3041
Mailing Address: Peter Bangs Vej 153, 2000 Frederiksberg, Denmark

Update Informations

Last Updated: [lmt-post-modified-info]

Thank you for helping us ensure the security and safety of Nordlox systems!

Table of Contents

Table Of Contents (Index)