The company has a mechanism (ex: a bug bounty program) through which security researchers can submit vulnerabilities they discover.
The product website does not include any information about processes or mechanisms for disclosing found vulnerabilities to the company.
❌
The company discloses the timeframe in which it will review reports of vulnerabilities.
The product website does not include any information about processes or mechanisms for disclosing found vulnerabilities, and does not include any information about timeframes for review.
❌
The company commits not to pursue legal action against security researchers.
The product website does not include any information about processes or mechanisms for disclosing found vulnerabilities, and does not include any information about security research or legal protections for researchers.
