Vox Bugs & Security Issues Policy
Reporting Bugs and/or Security Issues to Vox
Vox is committed to resolving software bugs and addressing security issues via a coordinated and constructive approach. One designed to give the greatest value and protection for customers. Whether you are a Vox staff member, a customer, a reseller, an agent, a supplier, a software developer, or just a security conscious member of the public, you are an important contributor to this process.
If you identify a bug, an exploit, or potential security vulnerability with any of Vox’s platforms or services, please report it to our Information Security team by sending an email to bugsandvulnerabilities@voxtelecom.co.za. Making sure to include as much information as possible in your mail to fully describe the situation. Please note that we will not pay a ‘bounty’ for any potential issues reported.
Depending on the nature of the bug or vulnerability, it may not be possible to fix or remediate immediately, especially if this requires software changes or much a more complex architecture change to address a design flaw.
Information Security professionals view any public dissemination of the discovery of information security vulnerabilities as an invitation to criminals. It’s important to keep your discovery confidential to ensure you do not inadvertently contribute to a criminal activity taking place, which may impact the very service you are using and rely on as a customer.
Once we have received your report, the following steps will be taken to address the issue:
- Investigate and verify the bug or vulnerability.
- Fix the bug or remediate the vulnerability as soon as possible. If, for some reason, this cannot be done quickly, we will provide information on the recommended work arounds (for bugs) or mitigations (for vulnerabilities).
- We may issue public announcements.
Vox will endeavour to keep the reporter informed of its findings and any change in status with regards to addressing the issue.
We appreciate the efforts of security researchers and discoverers who share information on bugs and security issues with us. These reports allow us the opportunity to improve our products and services, to better serve and protect our customers and information.
Thank you for working with us through the above process.
The bugsandvulnerabilities@voxtelecom.co.za address is intended ONLY for the purposes of reporting product or service bugs and security vulnerabilities. It is not intended for technical support, sales, or any other communication.