Vulnerability Disclosure Policy
Native Voice has developed this policy both to reflect our corporate values and to uphold our legal responsibility to good-faith security researchers who provide us with their expertise.
Legal Posture
Native Voice agrees not to pursue legal action against individuals who:
- Engage in testing of systems/research without harming Native Voice or its customers
- Engage in vulnerability testing of products without affecting customers (i.e., do not engage in vulnerability testing against their devices/software, etc.)
- Adhere to the laws of their location and the location of Native Voice
- Refrain from disclosing vulnerability details to the public before a mutually agreed-upon timeframe expires
Reporting security issues
If you believe you have discovered a vulnerability in a Native Voice product or have a security incident to report, please email us at security@nativevoice.ai. If desired, you can also make use of our PGP key for additional encryption of your report.
What we would like from you
- Reports should be written in English whenever possible.
- Reports should provide a detailed technical description of the steps required to reproduce the vulnerability, including a description of any tools needed to identify or exploit the vulnerability. Images, e.g., screen captures, and other documents may be attached to reports. It is helpful to give attachments illustrative names.
- Reports may include proof-of-concept code that demonstrates exploitation of the vulnerability.
- We request that any scripts or exploit code be embedded into non-executable file types.
What you can expect from us
- If you choose to share your contact information with us, we will acknowledge receipt of your report in a timely manner (generally within 3 business days).
- To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including any issues or challenges that may delay resolution.
- We will maintain an open dialogue to discuss issues.
- We will give you credit for discovering the vulnerability in public communications after the vulnerability has been validated and fixed, unless you specify in writing that you would prefer to stay anonymous.
- We will handle your report confidentially and will not share personal details with third parties without your consent, unless obliged to do so pursuant to a statutory provision or a legal ruling.
Questions
Questions regarding this policy may be sent to security@nativevoice.ai. We also invite you to contact us with suggestions for improving this policy.