Incident Response and Vulnerability Disclosure Policy
We kindly ask you to read the following policy in order to be aware of all the aspects related to the reporting of potential vulnerabilities and/or security incidents related to connected product of Electrolux group. The policy has been produced based upon NSCS Vulnerability Disclosure Toolkit (for reference here) Electrolux appreciates the effort of the reporting party spent for ensuring security and safety of our customers and we thank you very much for that.
- Scope
- The report should be related to a potential incident or security related issue. The website should not be used for reporting of product malfunctions or data privacy related issue (data related issues might be reported here).
- The reporter should not be an internal Electrolux Group employee; for internals that might want to report an incident/vulnerability, this link has to be followed.
- Process
- Timeline
- The acknowledgement of the receipt of the report will be automatically delivered by email. A feedback by the PSIRT (Product Security Incident Response Team) will be sent by email within 7 calendar days after the receival of the report.
- Each relevant status update of the process of management of the report will be given to the reporter as soon as available
- The dependency on a third-party in the process may include a not negligible delay in the overall process, since the complexity and the predictability of the process phases is increased due to the fact that another stakeholder is included in the process
- Legal
- The activity of the reporter must remain within legal boundaries
- The activity of the reporter must not cause any harm to Electrolux and its customers
- The activity of the reporter must not compromise the privacy, safety or operations of Electrolux and its customers
For detailed information about the Incident Response and Vulnerability Disclosure Process, please consult the Process section.