1. Purpose

AVYCON is committed to maintaining the security and integrity of our products, services, and infrastructure. We value the efforts of security researchers and members of the community who help us identify potential vulnerabilities. This policy outlines how to responsibly report security issues to AVYCON and how we handle such reports.

2. Scope

This policy applies to security vulnerabilities discovered in:

• All AVYCON products and solutions only, including end-of-life (EOL)/end-of-service (EOS) products

This policy does not apply to:

• Third-party services or products not owned or controlled by AVYCON
• Physical security issues
• Social engineering attacks against AVYCON employees or customers

3. Responsible Disclosure Guidelines

We ask security researchers to:

• Act in good faith and avoid privacy violations, data destruction, or service disruption
• Limit testing to what is necessary to confirm the vulnerability
• Not exploit a vulnerability beyond proof of concept
• Not publicly disclose the vulnerability until AVYCON has had a reasonable opportunity to investigate and remediate the issue

4. How to Report a Vulnerability

If you believe you have discovered a security vulnerability, please report it as soon as possible by contacting:

Email: security@avycon.com
Subject Line: Security Vulnerability Report

Please include:

• A detailed description of the vulnerability
• Affected product(s), version(s), or URL(s)
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Any proof-of-concept code or screenshots (if available)
• Your contact information for follow-up

If sensitive information is included, we recommend encrypting your message.

5. Safe Harbor

AVYCON will not pursue legal action against individuals who:

• Discover and report vulnerabilities in accordance with this policy
• Make a good-faith effort to avoid harming users, customers, or AVYCON
• Do not violate applicable laws or access data beyond what is necessary to demonstrate the vulnerability

This safe harbor applies only to activities conducted within the scope of this policy.

6. AVYCON’s Commitment

Upon receiving a vulnerability report, AVYCON will:

• Acknowledge receipt within a reasonable timeframe
• Investigate and validate the reported issue
• Prioritize remediation based on severity and impact
• Communicate with the reporter as appropriate during the process
• Credit the reporter upon request (unless anonymity is preferred)

7. Disclosure Timeline

AVYCON aims to remediate confirmed vulnerabilities in a timely manner. Coordinated disclosure timelines will be determined on a case-by-case basis, considering severity, complexity, and potential risk to customers.

8. No Bug Bounty

At this time, AVYCON does not offer a paid bug bounty program. However, we sincerely appreciate responsible disclosures and the contributions of the security community.

9. Policy Updates

This policy may be updated periodically. The latest version will always be available on AVYCON’s official website.