0 – Day

Disclosure to Vendor and await acknowledgment

0 – 7 Days

If acknowledgment is not received from the vendor, a second attempt at contact is made

0 – 10 Days

If acknowledgment is received

  • Convey the commencement of the 90-day public disclosure window.
  • Provide technical details if requested by the vendor.

Else proceed with public disclosure of the vulnerability

Inform “CERT” or other Disclosure Coordinators about the findings (depending on the case, we decide which coordinator to inform)

Before 90 Days

The vendor fixes and tests the vulnerabilities. Next, the vendor announces the patch for the vulnerability and informs Payatu.

After patching or 90 Days

We make a public disclosure from our side after 90 days of notification or after the release of a patch by the vendor, whichever happens earlier.

We disclose our findings with academic details for the benefit of the larger community through
– Blog
– Technical Paper at Security Conferences (anywhere across the globe)
– Include in our training courses or study material

Confidentiality & Secure Communication

Regarding communication on disclosure with the vendor, the framework sets the following procedure:

  • Throughout the nondisclosure period we expect regular communication between our team and the vendor, and this is kept confidential.
  • Only the Finder of the vulnerability and the Payatu-appointed authority for the Disclosure Response Program are in the communication loop.
  • Communication with the Vendor and progress on the stages of the Disclosure are documented and tracked at Payatu with its internal systems.
  • We prefer to use cryptographically secure communication channels to communicate with Vendors if supported and provided by them.
  • As a policy, we do keep “CERT” or other “Industry Trusted Disclosure Coordinator(s)” informed about our findings. This is a right of the Finder and does not require any kind of permission from the affected Vendor.