Security Vulnerability Reporting

If you discover a security vulnerability in one of our products or services, you can report it to us by sending an email to security@pexar.com. Reports may be submitted anonymously.
Please include the following information:
  • Name of product, model number, firmware or software version
  • Description of the vulnerability
  • Reproduction steps of the vulnerability
  • Suggestions for fixes or mitigation (if any)
    We will contact you within 3 business days of receiving your report to confirm receipt.
    We will report on the vulnerability remediation process every two to three weeks until the vulnerability is solved.
    Note:
    • Vulnerability reports should be handled with care. False reports or malicious activities are prohibited
    • Vulnerability management is managed based on the life cycle of product/software versions. Pexar will manage the vulnerabilities of all products before the end of service and support (EOS).
    • To protect our users, Pexar will not disclose, discuss, or confirm any security issues until a full investigation has been completed and an update is available. We kindly ask reporting parties to keep vulnerabilities confidential and not share unresolved vulnerabilities with third parties or make them public until Pexar provides the related patch solution.
    • In order to better support customers in patch deployment and risk assessments, Pexar will simultaneously publish vulnerability patching status in Software updates . It is recommended that you follow the update prompts to upgrade to a new product/software version or install the latest patches to reduce the risk of vulnerabilities.
      We appreciate your contributions to improving security. The report will be taken seriously, and appropriate actions will be taken.