Shortwaves

Shortwaves's Vulnerability Disclosure Policy Vulnerability Disclosure Philosophy Shortwaves believes that responsible disclosure of security vulnerabilities is built on mutual trust, respect, transparency, and a shared commitment to protecting users. Through collaboration with the security research community, we work to strengthen the security and privacy of Shortwaves’s products, services, and customers. Security Researchers Shortwaves welcomes vulnerability reports from independent security researchers, industry partners, vendors, customers, and consultants. A security vulnerability is defined as an unintended weakness or exposure that could impact the confidentiality, integrity, or availability of Shortwaves’s systems, products, or services. Scope This policy applies to digital assets owned, operated, or maintained by Shortwaves, including publicly accessible websites, applications, and services. Our Commitment to Researchers Trust: We maintain confidentiality and professional integrity in our communications with security researchers. Respect: We treat all researchers with respect and recognize the value of their contributions in helping protect users and systems. Transparency: We work collaboratively to validate reported findings and, where appropriate, implement remediation measures consistent with our security and privacy commitments. Common Good: We investigate and address reported issues in a manner that prioritizes the safety and security of those who may be affected. What We Ask of Researchers Trust: We ask that potential vulnerabilities are reported responsibly, allowing sufficient time and information for our team to validate and address findings. Respect: We request that research activities avoid privacy violations, service disruption, degradation of user experience, or destruction of data. Transparency: We ask that reports include enough technical detail and context to allow our team to understand, reproduce, and validate the reported issue. Common Good: We request that researchers refrain from public disclosure of unverified vulnerabilities until Shortwaves has had a reasonable opportunity to investigate and address the report. Vulnerability Reporting Shortwaves encourages security researchers to report any suspected vulnerabilities affecting assets owned, controlled, or operated by Shortwaves, or that could reasonably impact the security of Shortwaves or its users. Reports should be submitted through the web form below. The Shortwaves security team will acknowledge receipt of each report, conduct a thorough review, and take appropriate action to support timely resolution.