Vulnerability Disclosure Policy

1. Purpose

Contech Co., Ltd. (Hereinafter referred to as "our company".) considers taking measures against vulnerabilities that affect our company products and services to be a serious issue, and has established (Hereinafter referred to as the "Policy".) to promote measures.
Our company strives to provide products and services that customers can use with peace of mind in accordance with this policy.

2. Scope

This policy applies to all products and services (Hereinafter referred to as "our company Products, etc.".) designed, manufactured, sold and provided by our company.
Vulnerability under this policy refers to information security defects caused by program defects or design defects. It does not include damage, failure or physical defects of our company products themselves.

3. Collecting Vulnerability Information

If a vulnerability is found in our company products, please send an e-mail to our company Product Security Incident Response Team (PSIRT).
 Mail Contact：psirt@jp.contec.com
Our company is responding in cooperation with each coordinating organization in accordance with the Information Security Early Warning Partnership Guidelines.

3.1. Personal Information Protection Policy

The vulnerability information provided and the information of the reporter are managed in accordance with our company's Personal Information Protection Policy ( https://www.contec.com/privacy/ ).

3.2. Information you would like to provide

・Our company products with vulnerabilities
・Versions of our company products that contain vulnerabilities
・Vulnerability Type
・Detailed steps to reproduce the vulnerability

4. Vulnerability Investigation and Countermeasures

If you contact our company PSIRT by email, the person in charge of our company will check the content and send you an email indicating receipt.
After that, our company PSIRT Design and Development Department will conduct vulnerability triage, investigate and correct as necessary, and respond in cooperation with each coordinating organization.
If it is confirmed that the vulnerability is not new, we will terminate the response upon agreement with the reporter.

5. Disclosure of vulnerability information

When a vulnerability is discovered, information on countermeasures will be published on the relevant website of each coordinating body, our company website ( https://www.contec.com/support/security-info/ ), and email newsletter after arranging the schedule with each coordinating body.

5.1. Thanks to the rapporteur

If a person who has contributed to the discovery or resolution of vulnerabilities in our company products agrees to the posting of an acknowledgment, the acknowledgment will be posted in the countermeasure information.