Zum Hauptinhalt springen

Security

Coordinated vulnerability disclosure

Security is core to how we build connected products — secure boot, signed OTA, encryption, and a documented disclosure process. We hold our own surfaces to the same standard. If you believe you've found a security vulnerability in GizanTech's website or a product we maintain, we want to hear from you, and we'll work with you in good faith to fix it.

How to report

Email [email protected] with as much detail as you can:

  • • A clear description of the issue and the affected URL, endpoint, or component
  • • Steps to reproduce, and a proof-of-concept if you have one
  • • The impact you believe it has

Our machine-readable contact is published at /.well-known/security.txt. If you need to encrypt your report, say so and we'll arrange a key.

Our commitment to you

  • • We'll acknowledge your report within 3 business days.
  • • We'll keep you updated as we investigate and remediate.
  • • We'll credit you for the discovery if you'd like — or keep you anonymous.
  • Safe harbor: we will not pursue or support legal action against researchers who act in good faith under this policy.

In scope

  • gizantech.com and its web applications, APIs, and lead-capture forms
  • Firmware or hardware products GizanTech actively maintains — by arrangement with the product owner

Out of scope

  • Denial-of-service, volumetric, or load/stress testing
  • Spam, social engineering, or phishing of our staff or clients
  • Physical attacks against offices, hardware, or personnel
  • Automated scanner output with no demonstrated, exploitable impact
  • Reports affecting only outdated browsers or requiring an already-compromised device

Good-faith guidelines

Please don't access, modify, or delete data that isn't yours; don't degrade our service or our clients'; and give us a reasonable window to remediate before any public disclosure. We'll do our part to move quickly.