Vulnerability Disclosure Policy (VDP)
RansNet Singapore Pte Ltd
As a networking and security solutions provider, RansNet commits to ensuring customer security and privacy. The organization welcomes vulnerability reports from partners, users, developers, and ethical hackers to strengthen protections.
Note: This policy does not authorize actions that violate applicable laws and regulations.
Reporting Security Issues
Researchers who discover potential vulnerabilities in RansNet products should:
- Notify support@ransnet.com promptly upon discovery
- Avoid privacy violations, service degradation, system disruption, or data destruction
- Use exploits minimally to confirm vulnerabilities; avoid data exfiltration or lateral movement
- Allow reasonable time for resolution before public disclosure
- Immediately cease testing and report to RansNet upon discovering actual vulnerabilities or sensitive data
Recommended report elements:
- Vulnerability location and exploitation impact
- Detailed reproduction steps with proof-of-concept materials
Our Responses
RansNet’s response process includes:
- Incident ticket creation and acknowledgment within 4 hours of email receipt
- Helpdesk assessment forwarding to research and development teams
- Vulnerability verification and patch/update release; interim mitigations if needed
- Daily updates until resolution
- Public announcement to affected customers with mitigations
- Inclusion in future releases with version information
RansNet expresses appreciation for contributors helping improve product security and customer protection.