IndicatorSmart LockFinal Results
The company has a mechanism (ex: a bug bounty program) through which security researchers can submit vulnerabilities they discover.
  • The product website does not include any information about processes or mechanisms for disclosing found vulnerabilities to the company.
The company discloses the timeframe in which it will review reports of vulnerabilities.
  • The product website does not include any information about processes or mechanisms for disclosing found vulnerabilities, and does not include any information about timeframes for review.
The company commits not to pursue legal action against security researchers.
  • The product’s terms of service specifically outline activities that would violate these terms, many of which are part of regular security research processes, such as probe, scan, attempt to gain the source code, and test the vulnerability of any device, service, software, system or network.
  • The terms of service also assert the right to investigate violations and consult and cooperate with law enforcement to prosecute users.
  • The product’s end user agreement restricts users from disassembling, reverse compiling, or reverse engineering the product, without any exclusion for security research purposes.