Vulnerability Reporting and Handling
Our priority is to protect the security of our customers and the public. We believe communications is critical to our cybersecurity program, and we encourage research groups and individuals to disclose vulnerabilities to our team responsibly.
Delta Controls will not take legal action against responsible reporters who voluntarily and in good faith report a vulnerability to Delta Controls and follows our processes.
Delta Controls is a responsible vendor when it comes to vulnerability handling and disclosures. We ensure that security patches are released and security alerts are communicated to our customers before public disclosures. That way, we can deploy patches, mitigate the risk, and keep everyone safe.
Delta Controls encourages on-going communication and collaboration throughout the process. Rest assured that our cybersecurity team is available to keep you up to date along the way.
Delta Controls Vulnerability Handling and Disclosure Process
1. Report to Delta Controls.
Use our Vulnerability Reporting Form to submit the vulnerability to the Delta Controls Security Team.
2. Acknowledge – Let’s get back to you quickly!
You can expect the Delta Controls security team to acknowledge your report within 5 business days.
3. Verify – We will triage reports and verify the issue.
Delta Controls will verify the vulnerability. In some cases we may need to contact you to gather more information about the vulnerability.
4. Remediation – Let’s get it resolved.
Following our software development lifecycle and quality policies, Delta Controls will resolve the vulnerability and verify the solution as quickly as possible. Delta Controls may request your assistance in verifying the solution.
5. Release and Deploy – Let’s get it out the door and released.
Delta Controls will release the new software following our software development lifecycle and release processes. Every attempt to expedite the release will be made without jeopardizing the quality of the product.
6. Advisories and Disclosures – Lets communicate.
Delta Controls will publish and communicate a security advisory to our customer base with a focus on the vulnerability, potential risk level and steps for mitigation. Given the nature of upgrading field control devices, public disclosures may need to follow behind the security advisory to ensure a reasonable amount of time for deployment. An advisory may be communicated earlier in the process in cases where the vulnerability is being exploited.
Note: In special cases where a vulnerability exists between multiple vendors a coordinated vulnerability disclosure process will be followed to ensure reasonable remediation and disclosure timelines for all stakeholders.
7. Recognition – Thank You!
Delta Controls would like to recognize your effort and responsible reporting in our security advisory and communications. Thank you for being a positive contributor to the cybersecurity community!
Vulnerability Report Form
Please include as much information as possible in the description. Device models and revisions, software versions, specific configurations, relevant device interactions with other components. Browser type and version.