Vulnerability disclosure policy
UK-PSTI-Vulnerability Disclosure Policy
Backbone is fully dedicated to delivering products and services that are safe, secure and compliant with applicable law and regulation. If vulnerabilities are discovered, we approach them with a strong sense of urgency and resolve them promptly.
The Minimum Support Timeline we anticipate is 2 years (until 15/4/2027).
How to Report a Vulnerability
If you identify a potential information or cyber security vulnerability with a Backbone product, please contact us by sending an email to legal@playbackbone.com with the subject **โProduct Security Issue.**โ Once your incident report is received, the appropriate personnel will follow up with you and address the issue. We appreciate your attention to these matters and we strive to acknowledge receipt of all bona fide reports within 48 hours.
Please do not use this e-mail address for other purposes. If you require technical support regarding our products or services, please visit https://help.backbone.com/ for further assistance.
Reviewing Reported Vulnerabilities
When Backbone is notified by a third party of a potential vulnerability found in our products, we thoroughly investigate the report and promptly take any necessary response actions. We are committed to ensuring the safety and security of our products. In cases where we receive information about a security vulnerability from a supplier under a confidentiality or non-disclosure agreement or under embargo, we work closely with the supplier to request that a security fix is released. Although we may not be able to disclose all the details about the security vulnerability, we are confident in our ability to address the issue and provide a secure product to our customers.
Assessing Vulnerability Findings
Backbone follows the widely accepted industry standards to evaluate and categorize vulnerabilities based on their potential impact as High, Medium or Low. Backbone takes severity level into account when addressing security vulnerabilities. If the vulnerability is so severe that it requires notifying customers, we will take that action.
