1. Report to Delta Controls.
Use our Vulnerability Reporting Form to submit the vulnerability to the Delta Controls Security Team.
2. Acknowledge – Let’s get back to you quickly!
You can expect the Delta Controls security team to acknowledge your report within 5 business days.
3. Verify – We will triage reports and verify the issue.
Delta Controls will verify the vulnerability. In some cases we may need to contact you to gather more information about the vulnerability.
4. Remediation – Let’s get it resolved.
Following our software development lifecycle and quality policies, Delta Controls will resolve the vulnerability and verify the solution as quickly as possible. Delta Controls may request your assistance in verifying the solution.
5. Release and Deploy – Let’s get it out the door and released.
Delta Controls will release the new software following our software development lifecycle and release processes. Every attempt to expedite the release will be made without jeopardizing the quality of the product.
6. Advisories and Disclosures – Lets communicate.
Delta Controls will publish and communicate a security advisory to our customer base with a focus on the vulnerability, potential risk level and steps for mitigation. Given the nature of upgrading field control devices, public disclosures may need to follow behind the security advisory to ensure a reasonable amount of time for deployment. An advisory may be communicated earlier in the process in cases where the vulnerability is being exploited.
Note: In special cases where a vulnerability exists between multiple vendors a coordinated vulnerability disclosure process will be followed to ensure reasonable remediation and disclosure timelines for all stakeholders.
7. Recognition – Thank You!
Delta Controls would like to recognize your effort and responsible reporting in our security advisory and communications. Thank you for being a positive contributor to the cybersecurity community!