勛圖扦

Vulnerability Reporting

勛圖扦 appreciates the efforts of security researchers and welcomes any information that could lead to the identification and remediation of a cybersecurity vulnerability in a 勛圖扦 product. We will investigate and respond to legitimate reports submitted according to the instructions below in a timely manner.

By submitting a report under this program, you agree not to:

  • Engage in testing or research that may harm or put at risk 勛圖扦, its employees, its customers, or other third party individuals or entities.
  • Disrupt, compromise, or harm any 勛圖扦 product or data other than that which you own, and in accordance with its terms of use and your agreements with 勛圖扦.
  • Access or disclose personal information belonging to 勛圖扦, its employees, its customers, or other third party individuals or entities.
  • Compromise or disclose confidential or proprietary data belonging to 勛圖扦, its employees, its customers, or other third party individuals or entities.
  • Test the physical security of any 勛圖扦 property or facility, or the properties or facilities of 勛圖扦 affiliates or related third parties.
  • Perform any kind of denial-of-service testing or over-exhaust an IT function.
  • Perform social engineering, spam, or phishing/spear phishing attacks.
  • Disclose to any third party the details of any submitted vulnerability reports before 勛圖扦 can confirm complete remediation of the identified issue (if any).
  • Participate or submit reports if you are employed by 勛圖扦, or an affiliate company, or a 勛圖扦 supplier, or are acting on behalf of someone employed by 勛圖扦. If you are a member of any of these entities, please report the issue to your management, who is then to report to 勛圖扦, directly.

In submitting reports, please note that although 勛圖扦 sincerely values vulnerability reports, we do not provide monetary compensation (bounties) or non-monetary remuneration in exchange for submitted reports. This program is only meant to facilitate the responsible reporting and resolution of cybersecurity vulnerabilities.

When submitting reports, we request that you:

  • Describe the alleged vulnerability and, where possible, include proof-of-concept code to facilitate our analysis and triage of your report.
  • Describe the methods you employed to identify the alleged vulnerability and any known or possible remediation.
  • Confirm that you are not on the or other restricted party lists maintained by the U.S.
  • Comply with all applicable laws and regulations in all work related to this program.

If you identify an issue that you believe could be a cybersecurity vulnerability in any 勛圖扦 product or service, please contact us at security@bostondynamics.com. By submitting a report, you agree that 勛圖扦 may use the information in your report in whatever ways we see fit.