Vulnerability disclosure policy

OS AURORA AND AURORA CENTER SOFTWARE VULNERABILITY REPORTING POLICY

Open Mobile Platform LLC regularly publishes security bulletins for its partners. A security bulletin describes vulnerabilities that have been resolved, their severity assessed by the Common Vulnerability Assessment System (CVSS) technical and organizational measures taken to prevent any exploitation of vulnerabilities and information about the person who reported the relevant vulnerability.

All information about security bulletins is published on website https://cve.omprussia.ru.

If you believe that you have discovered vulnerability in the Aurora operating system (OS) or Aurora Center application software (AS), please forthwith inform us of the discovered vulnerability to prevent its exploitation by abusers or attackers. Once our security experts have verified the software product, we will notify you of the steps taken to register and eliminate the vulnerability and report appropriate information about it to regulatory authorities, users and partners.

HOW TO REPORT VULNERABILITY

To report vulnerability, please send an email to security-bug@omprussia.ru containing the following information:

  • Your contact details;
  • name and version of the product in which you discovered the vulnerability;
  • description of how the product actually operated and how you expected it would operate;
  • numbered list of steps required to replicate the problem and a demo video if such steps may be difficult to replicate.

You will receive an automatic response from Open Mobile Platform LLC confirming the fact that we have received the report. Should we need further information, we will contact you in due course.

Additional references: