At EcoAir, we place a high priority on the security and integrity of our products. We are committed to maintaining transparency and ensuring that any vulnerabilities identified are promptly addressed. This page outlines our process for reporting, classifying, responding to, and repairing vulnerabilities.
Report a Vulnerability:
We encourage users to report any potential vulnerabilities they discover. You do not need to log in to submit a vulnerability; simply use the form below to share details about the issue. To make the reporting process as seamless as possible, please provide the following:
- Vulnerability Description: A brief explanation of the issue.
- Affected Product/Version: Indicate which product and version the vulnerability impacts.
- Severity Level: Please categorise the severity of the vulnerability (High, Medium, Low, or Neglect).
- Attachments: Optional — attach any relevant screenshots or files that may assist in our investigation.
Vulnerability Classification and Risk Levels
Once a vulnerability is reported, we will classify it based on the severity of the issue. This helps us prioritise and address vulnerabilities effectively. Our classification system includes the following levels:
- High Risk: Critical vulnerabilities that may lead to remote code execution, data breaches, or other serious exploits. Immediate action is required.
- Medium Risk: Vulnerabilities that pose a significant risk but are not immediately exploitable. These are addressed in a timely manner.
- Low Risk: Minor vulnerabilities that do not pose an immediate security risk, such as cosmetic issues or non-critical bugs.
- Neglect: Issues that do not affect functionality or security, and do not require immediate action.
Example Severity Classifications:
- High Risk: Remote code execution, privilege escalation, or data leakage.
- Medium Risk: Denial of service, authentication bypass, or potential privilege escalation.
- Low Risk: Minor UI bugs or non-security related issues.
- Neglect: Cosmetic bugs or outdated content.
Response Times
We are committed to responding to all reported vulnerabilities in a timely manner. Our response times are based on the severity of the vulnerability:
- High Severity: We will acknowledge and begin investigation within 3 working days.
- Medium Severity: We will acknowledge and begin investigation within 5 working days.
- Low Severity: We will acknowledge and begin investigation within 10 working days.
Repair Times
We aim to resolve vulnerabilities as quickly as possible. The repair times depend on the severity level of the vulnerability:
- High Severity: Fixes will be implemented within 5 working days of acknowledgment.
- Medium Severity: Fixes will be implemented within 10 working days of acknowledgment.
- Low Severity: Fixes will be implemented within 15 working days of acknowledgment.
Vulnerability Repair Process
Our vulnerability repair process ensures that vulnerabilities are handled effectively and securely:
- Acknowledgement: Upon receiving a report, we will acknowledge the submission and assign it to the appropriate team for analysis.
- Investigation: Our security team investigates the reported issue to assess its impact and determine a resolution.
- Fix Implementation: Once the investigation is complete, we implement the necessary fixes and security patches.
- Verification: The fix is thoroughly tested to ensure that the vulnerability is properly addressed and that no new issues are introduced.
- Release: Once verified, the fix is included in the appropriate version release. Affected users will be notified of the patch.
Contact Us
If you have any questions or need further assistance, feel free to reach out to us:
- Email: support@ecoairgb.com
- Phone: (+44) 20 8459 2458
Thank you for helping us maintain a secure environment for all users.