IoT83 Vulnerability Reporting and Security Advisories

Find how to report potential vulnerabilities related to Flex83 and get insights to published security advisories.

Product Security Incident Response Team

Product Security Incident Response Team (PSIRT hereafter) is an integral part of the IoT DevSecOps Team.

IoT83’s PSIRT is responsible for receiving, processing, and disclosing IoT83 product and solution-related security vulnerabilities. It is the designated window to release information about IoT83 product vulnerability. IoT83 encourage end-user, partner, supplier, government agency, vendors, industry association, and independent researcher to report potential risk or vulnerability to PSIRT by email.

Reporting Potential Vulnerabilities

In case you discover a potential security vulnerability in IoT83 products, Please direct the email to security.officer@iot83.com and include the following information:

  1. Product and Version Affected
  1. A detailed description of  vulnerability along with steps to reproduce
  1. Known Exploits

PGP Public Key

Owing to the sensitive nature of vulnerability information, we strongly suggest reporters encrypt using IoT83’s PGP Key.

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: Keybase OpenPGP v2.0.76 Comment: https://keybase.io/crypto 

xsBNBGQQdOUBCACfUXG8FEv/J8XA1C2OgeOT2t97fpNxQ6yhP1d+sQMSPYKZpU/t  FniR5/PN5nkj2LBJ6ceVm1xHQxt33QrBGFHvQLs77vG7YxERUVIbb8w796//DeHs  f/KLTR09nlcZkuCZBEnGWYt0s4+NGoCfOobTOJhxWBXMjrHSQRcdXX2oH2TbubRx  kTNMfHpczgS/6mgmdG5XoX4lQC5mLSTRBt4mkGrhzJnABVy51IjDpk+k6JO/P6N6  nQcpU2Z8czdlBynCJVdRaRyikhQZi2HwKblgcBX0qZ4qaGQqY2rK3VWcqyk+INlX  FSRRYrkyjtAFKjXJPcDDzAuwCuAnlEE2U4FBABEBAAHNJU5pc2hhbnQgUHVyaSA8  bmlzaGFudC5wdXJpQGlvdDgzLmNvbT7CwHoEEwEKACQFAmQQdOUCGy8DCwkHAxUK  CAIeAQIXgAMWAgECGQEFCQAAAAAACgkQ4Z/hrjZIqhqe3wf7B9KHc4Fdtf1OwchJ  wRIM2wut9lhIh9cOA8h3FMsQhaakdEVipt0//6QqPD+nJNVhkj09AW0ZVwG6uSvr  NRr9jUXQ2jQr/zHjT94ed41ajrEjZaOnnvnzNMhvFt5p3IsilrdqM8rZ8xD1PFs1  WHFiOLwsc5PYG/jf2x6UilNTx2II5gMNVDiSLJ/7MD959Vol+pXypSnwwQVXsGUt  RW8VqC5QDcKpMYHhiJlA4yeYOUuIWlmrEwGO74CdYdKbWkaaUTDyRf6x/icSPMcm  6rZGYLzTPheuMivoWQSNLE1tsRsaon2TZVpQYNv8q8PkmWf4+ZPkmuZVYqF2mt0u  p+SmDs7ATQRkEHTlAQgAvzIyps931MyztZwlkyahldc2VwZAfxETcDgqrKUmZZQ7  4nj8RfafEKxHf8AvzCKi2dluDSM03DbGdlXUs7MWzDEGjCwwjC++hxlL7fWnBHrK  l2cyhjJhpJhuYkP+Fg1bkkoF34P3u/EikVaqj2EN6CBJ1xFz9A1yUBJBlF2B0aJI  7ht+Mt4jZj+wnUIEFY7oXp7weJUca9QnTfpTVtKHSh6TuUWRwJbSc0ZFm9hn83SA  j9+XL61iGTJ0JPqYORnbYH2m+PLe9BrdhcIboq6ECX/JLychV7QOZRk5Q204uUyY  0ZkHcuPWr6AvmzZSUD7gqfnt3S/lDJQljQfUw7czEwARAQABwsGEBBgBCgAPBQJk  EHTlBQkAAAAAAhsuASkJEOGf4a42SKoawF0gBBkBCgAGBQJkEHTlAAoJEHzY+gBF  Z+FZtDYH/2MqPsfKFAV9Biav0OujCZE8BDtyDJ1s6G9nRHqIwfyU7jUdm/XVHT1T  JpUyLafhSaj9xYxSVW30UONhN5BcWFjxj6r70L6lIg77cP5vUKawMUbv8qhZEyZS  G3ti+CWhqd3KdTYXjuPUyw0OVknBQpJr26Uryblbwkj9X58V7oarr9HxtjBGXQYq  +DjIVH9yoaN9m0b5VoKHQJDIvbL3QnEPW0DuTha35v1h2NSONDfc2pO5U1gdy4ox  tgZTUYb6pxqgsjjGOqbw9roZYh57YPIA21pKivuItbEdsHZ829eHgD9upyXB8myF  IzizN52QWTMF0/gFlQHpLIsEUMIVxBv6wQf8CVyvYTEmzYEK928ECbwYT5qu7hKW  7kUDjFxN3ve9UGoI5kiYm1mou1TSjuw9eznfKoVe2Kihzzo79yPePqmSq6lQjXl0  JQ2J9ljjXu5LcL1VZBIjLbJZ/5bbgMF+AHuWyP+9DSl7hfbK7ILTFgSrayVKd+4E  /mtiAPRYCkFiwZrkmFHRb69TKnBV87mhQq633ofBDSWF2uuFYxKjeIsaBuIXM34V  C0BSrymprqi4qdDEUrC6hLWMgmYy+uY66EHC9wg0Y+iBxQctUf/weqltWe99n+tA  BW2Fz/Jzt8vu8JihleM5J/zYmitRcc1d2jZIbjjQCQI6nytn8v4v833Hf87ATQRk  EHTlAQgAuWE4iy2y5V91zhqe8zospTwtu7rDv+CzwhcUusvi95f32haYH6YSFZh0  paUNAYa22tLK4yfQ4aeQBNgHs0MWENcyYjB+1epj1ZZbLOYgLQqvalmVwaDXvVQr  ZQUOAftgSKzVPSGgEDFQVv7LzCCc+sDwshsEJeU13a+O1zOGqq0WZpIKUNGrBToe  y/eb7aCE1ly4zXlqgreDP0XcQu341ebFz/Yub/0eSt72u26/OY8EFlvhQPHJpZZw  3e1ayQ72eyU+3hGdDPlgqKr6h8ufC0AXk82pXA8Cta+aBbGSyCQejX1hN5D1+61w  3BrUyE7WjD/JLDjPngv59RNHZ7M+cQARAQABwsGEBBgBCgAPBQJkEHTlBQkAAAAA  AhsuASkJEOGf4a42SKoawF0gBBkBCgAGBQJkEHTlAAoJEBPp9Jpl5SrLJwMH/A60  PRk9XnDdnj5vNWH29pq4bw620b3mDNYMLGI/jBTEYTHdGW+Y9sjIqXRXmQkjmUBh  nNtZqUNgtgVRUIZ9PZzpSJP75dRRkyf0GW2BKZU0JghkaTgWfW++5aTXN7PHFK8W  ZccUG5pmeo/ppS/2UaAUQUn1i5e/Ma1mfN3QmTUzcTgUC4dLOwLM8Leyg7v2XPzo  p+VA8LLB+s1k44Dqowpv6tiSgZ/Faj9i5yV2JIu2PIzWl74SeP04U8PBzq4UCVDc  3KuneSj+Mz7hjymQVKbOJVSYiWyT3/HKQdhyblBUZ7KDrz5smPG1SbEipqqeyBVq  KP07PxvY1uebYqS8P6tdZQgAmsNMpEKZMQNPn6WUZtbdXWTxbM8lwgZ6sTEbrk3x  02f2HP5JUY+N7MjsdIPUPIFRhNUhLQDakqkQYIka3jrivQ0PGn2RDk3UyG3YfwjB  1/GhmhHi0VG4z9bFbXpxX11USI1056mnukh3rsowT829ijyuZJ/gFNlA6Ye07Ego  qQMkKkyGP8ot8XmHFLgWZ7Sk/0I24Hg14x2BXqkkhA7rsc0UzUMHi3UPnr7YKNVZ  Zvvy1/XTrbiQ1nBFor/8YVjaVRGF+VhYXyhE6a/+Apu4D8GAZk4MQbT7qC0y/YOm  tlrGkOtPjjPIHtdcPyzT4DcXSYfaQ4j3U1inCyZ6oFt2pw==  =GF13

 

-----END PGP PUBLIC KEY BLOCK-----

IoT83’s Vulnerability Handling Process

  1. The IoT83  Security team reviews the issue and evaluates its potential impact.
  1. If the security issue is found not to be related to security, then the issue will be moved to IoT83 DevOps and Delivery Team.
  1. The IoT83 security team works on the issue to provide a solution and track all details of the problem until the next version of the Platform/Product is out.
  1. IoT83 then tries to reproduce the issues in various scenarios, and internal testing is done.
  1. IoT83 requests CVE identifiers for the security issue.
  1. Clients with valid License/support agreements are emailed, giving a period of time when it is possible to upgrade before the issue becomes known to the public.
  1. A public announcement for the community is made on the Website.

IoT83 Security Advisory

Publish Date CVE ID Title/Details Severity Affected Version Components Last Update

Terms & Conditions:

By submitting reports about vulnerabilities, security threats, and/or workaround proposals (hereinafter referred to as “Vulnerability Report”) to IoT83 Ltd or its affiliates. (hereinafter “IoT83”):

  1. By agreeing to these terms, you authorize IoT83 to utilize any Vulnerability Reports provided by you to enhance and update its software, products, or services. You also grant IoT83 a non-exclusive, perpetual, irrevocable, worldwide, royalty-free license and the right to sublicense to IoT83 licensees and customers to utilize, publish, and disclose such Vulnerability Report in any manner it sees fit. This includes displaying, performing, copying, creating, utilizing, selling, and disposing of IoT83 and its sub-licensees’ software, products, or services that include the Vulnerability Report via any media without needing to reference the source. IoT83 is entitled to use the Vulnerability Report for any purpose without restriction or compensation.
  1. You also agree to test IoT83’s software, products, or services while ensuring that the safety and privacy of others are not compromised. You will seek permission from IoT83’s customers or users before performing any vulnerability testing on their devices or software.
  1. Moreover, you commit yourself to refrain from any activity that could harm IoT83, its customers, users, or employees. You agree to keep the Vulnerability Report and all information about IoT83’s software, products, or services’ threats and vulnerabilities confidential and not disclose them to any third party without IoT83’s prior express consent. You must also avoid and prevent any potential impact on the safety or privacy of anyone.
  1. Additionally, you agree not to engage in any activity that violates the laws or regulations of any country where data, assets, or systems reside, data traffic is routed, or where you are conducting research activity. Finally, you agree to comply with all applicable software license requirements and adhere to applicable laws.

Explore the complete potential of IoT with Flex83. Let’s connect.

Schedule A DemoTry Flex83 For 30 Days!