Security Vulnerability Reporting Policy at Neat

Last updated April 23, 2024

This article defines the Security Vulnerability Reporting policy at Neat. If you are considering reporting a security issue with us, please read this article for guidance and information. We greatly value those who take the time and effort to report security vulnerabilities to us. However, please note that we do not offer monetary rewards for any vulnerability disclosures.

IMPORTANT: Neat retains the right to modify the terms or contents of this notice at any time.

How to report a security issue or vulnerability to Neat?

If you believe you have found a security vulnerability, please submit your report to us by emailing support@neat.no or security@neat.no

What information should you include in your email?

When reporting the issue, please include the following:

  • Name and/or model of product or service;
  • Description of the vulnerability;
  • Potential impact;
  • Technical details for reproducing the vulnerability;
  • Proof of concept code, if applicable; and
  • Any other pertinent information.

What to expect after you have sent your email?

After you have submitted your report, we will respond to your email within 2 working days and aim to triage your report within 10 working days.

We respect the time and effort taken to identify and report vulnerabilities. Once you have submitted a report, we expect to keep you informed of any progress we make in our investigation. You are also welcome to inquire on the status of the vulnerability. We may also seek additional details or clarification if required. We believe in open communication and we will share the details of any resolution we make with you.

The priority for the remediation of the vulnerability will be assessed based on the impact, severity and complexity of the exploit. Once we have resolved the issue, we will assess the need for a public disclosure for the issue on a case-by-case basis. If you require an external statement from us before an official disclosure, please contact us and we will guide you through it.