Esko's Commitment to Security and Transparency
Esko, a leading provider of digital products and assets, places a high priority on maintaining the security and integrity of its offerings. With a strong emphasis on transparency and collaboration, Esko aims to enhance security not only for itself but also for its valued customers. The company has implemented a Coordinated Vulnerability Disclosure (CVD) process, effective as of June 2021, to continuously fortify the security of its digital solutions.
Responsible Vulnerability Reporting
Esko actively encourages security researchers to play a pivotal role in identifying potential vulnerabilities in its products or assets and reporting them responsibly. By submitting a detailed vulnerability report to csir@esko.com, individuals contribute to maintaining a secure digital environment for all Esko users. It is essential to familiarize oneself with Esko's rules and guidelines before reporting any security issues to ensure a smooth and efficient process.
Guidelines for Reporting Vulnerabilities
When reporting a potential vulnerability to Esko, researchers should provide a clear description of the issue, along with supporting evidence such as logs, screenshots, or other relevant materials. Additionally, including the date of discovery, an assessment of exploitability, and an explanatory video demonstrating the vulnerability discovery process are crucial components of a comprehensive submission. Researchers are urged to disclose any tools, user privileges, platforms, or IP addresses relevant to the vulnerability for thorough assessment.
Reward and Recognition Policies
Esko acknowledges and rewards individuals for their valuable contributions to the identification and mitigation of security vulnerabilities. The company grants rewards at its discretion to the first reporter of a relevant vulnerability. However, it is important to note that submissions without a clear description and evidence, or lacking an explanatory video, may be deemed ineligible for rewards. Esko also highlights the exclusion of individuals on sanctions lists or residing in countries under sanctions from the reward program.
Ensuring Secure Communication
Esko places a strong emphasis on ensuring secure communication with researchers reporting vulnerabilities. By providing contact information, researchers enable Esko to engage in secure and efficient communication regarding the reported issues. The company values the collaborative efforts of the security research community in safeguarding Esko's digital ecosystem.
Promoting Continuous Improvement
Through its Coordinated Vulnerability Disclosure process, Esko aims to continuously enhance the security posture of its digital products and assets. The company reserves the right to modify the CVD process as needed to adapt to evolving security threats and challenges. By fostering transparency, collaboration, and responsible disclosure practices, Esko reinforces its commitment to maintaining a secure digital environment for all stakeholders.
Feedback and Contact Information
Esko welcomes suggestions and feedback for improving the CVD program, demonstrating the company's commitment to ongoing enhancement and collaboration with security researchers. Individuals can reach out to csir@esko.com to provide vulnerability information or share insights on how Esko can further strengthen its security practices. By working together, Esko and its valued customers can collectively contribute to a safer and more secure digital landscape.