We take product security seriously and welcome reports from customers, partners, and researchers. This page explains how to report a vulnerability to us and what you can expect in return.
If you believe you have discovered a security vulnerability in a Zaptec product or service, please contact us at security@zaptec.com.
To help us respond quickly and effectively, please include as much detail as possible in your report. We recommend reviewing these guides for tips on writing high-quality reports:
Please do not publicly disclose the vulnerability before we have had a chance to investigate and respond.
All products we place on the market (devices, firmware/software, and any integrated remote data-processing services tied to product functions)
Corporate IT systems and third-party services not integral to product functions (but you may still notify us if you find something concerning)
If you comply with these rules and applicable laws, we won’t pursue legal action or ask law enforcement to investigate your research.
Zaptec shall provide a written report no later than 14 business days after the occurrence of the event or upon receipt of the request for information.
The report shall include relevant findings, corrective actions taken, and any follow-up measures planned.
Zaptec shall fulfill all reporting obligations to relevant authorities in accordance with applicable laws and regulations.
This includes, but is not limited to, the timely submission of reports required by national or EU legislation related to data protection, product safety, or cybersecurity.
Zaptec shall inform the Customer without undue delay of any such reporting when it concerns systems or data related to the Customer.
Critical security patches will be communicated immediately upon release, while routine updates will be summarized in regular maintenance notifications.