Skip to content Skip to footer

Vulnerability Disclosure Policy

Background

At myenergi we care about ensuring our products are safe and secure whilst they operate in your home. Your myenergi products include security features that protect your device against evolving cyber threats.

New cyber threats are discovered across the world every day, so it is important you keep your myenergi device up to date with the latest firmware to ensure you benefit from the latest quality and security updates. For most devices, you can check the firmware of your myenergi device and update it in the myenergi app.

The myenergi system is designed to be reliable, secure and to keep your data confidential. This ensures your product performs in a reliable and safe way, to protect you, your home, and the energy grid from damage.

Vulnerability Disclosure Policy

myenergi recognises the role that the security community and our customers play in keeping our products and all our customers safe. We welcome reports from customers or security researchers, if a suspected security vulnerability is discovered in our products, software, or servers.

We value the time and the effort involved in reporting vulnerabilities to us, however we do not offer monetary rewards (sometimes referred to as ‘bug bounties’) for discovered vulnerabilities.

For the safety and security of our products and customers, myenergi does not disclose information relating to security vulnerabilities until a suitable fix has been implemented.

 

You can report a vulnerability to us using the below link If you discover a suspected vulnerability:

When making your report to us please let us know the following information:

    • The IP address and port the vulnerability was found. (If applicable)
    • The nature of vulnerability (for example Arbitrary File Upload)
    • The product(s) affected (if applicable)
    • The firmware version(s) or App Version(s) you suspect to be vulnerable (If applicable)
    • The steps you took to discover the vulnerability.
    • If a CVE is known for this vulnerability, please provide the CVE. (See CommonVulnerabilities and Exposures. CVE – CVE (mitre.org)

      Report a Vulnerability

 

Our commitment to you:

  • We’re grateful for the support from the security research community. We will not take legal action against you for disclosing a vulnerability with us
  • We’ll investigate your report and take action in a reasonable timeframe
  • We’ll acknowledge your efforts and support (if desired) in our software release notes

Acting within the law

Please ensure you act in a lawful manner when interacting with our products, websites, or servers. The following is prohibited. This is not an exhaustive list, and you should always consider the current legislation:

  • Any activity outside of the law.
  • The use of aggressive or invasive automated scanning tools, such as port scanners or vulnerability scanners.
  • Creating server demand which could result in a Denial of Service.
  • Social engineering our customers, staff, or suppliers.
  • Breaching data protection legislation by exposing or accessing the data of customers, staff, or suppliers.
  • Uploading malicious payloads to our products or services.
myenergi