Introduction
Gift Universe is committed to the security and privacy of our customers. In an era where internet-connected devices e.g. remote control drones with cameras, are ubiquitous, the importance of safeguarding these products against vulnerabilities cannot be overstated. Recognising the potential for security risks in any connected product, we have established a comprehensive Vulnerability Disclosure and Management Policy to address these concerns effectively.
Our policy addresses The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023. And meets the UK PSTI security requirements.
Requirement |
Details |
Gift Universe Policy |
Passwords |
Unique per product or defined by the user of the product. |
Defined by the user.
|
Information on how to report security risks/vulnerabilities |
Point of contact to report security issues to the manufacturer. Reporter will receive an acknowledgment of receipt of a security issues report & status updates until the reported security issues are resolved.
|
PSTI Emergency Report Form or dedicated compliance email (psti@giftuniverse.com) Acknowledge receipt of all vulnerability reports no later than 7 days from submission.
Our compliance team will work closely with the reporter to understand the nature of the reported vulnerability and develop a plan for its resolution.
We aim to resolve any reported vulnerabilities within 90 days from the acknowledgment of the report. |
Information on minimum security update periods |
Information on the defined support period must be published.
|
3 years from the date of purchase. |
Objective
This policy aims to outline the procedures for reporting, acknowledging, and addressing security vulnerabilities in our internet-connected products and associated applications. Our goal is to foster a collaborative environment where the security research community, users, and our security team work together to improve and maintain the security of our products.
Reporting Vulnerabilities
We encourage the responsible reporting of any security vulnerabilities in our products. This includes issues in internet-connected devices, associated mobile applications, and any service that interacts with our devices. Reports can be submitted via our PSTI Emergency Response Form or through our designated PSTI email address (psti@giftuniverse.com) which is monitored by our compliance team.
Guidelines for Reporting
-
Provide a clear and concise description of the vulnerability, including the product and version affected.
-
Include steps to reproduce the vulnerability or proof-of-concept code if available.
-
Do not disclose the vulnerability publicly or to third parties until we have had an opportunity to address it.
Communication and Acknowledgement
-
Acknowledgement: We aim to acknowledge receipt of all vulnerability reports as soon as possible, but no later than 7 days from submission.
-
Confidentiality: We ask that all communications regarding the vulnerability be kept confidential to protect our customers and products. We are committed to maintaining the confidentiality of the reporter and any sensitive information related to the report.
-
Professional Engagement: We pledge to engage professionally and positively with all vulnerability reporters. We recognise the invaluable contribution of the security community and are committed to treating all reporters with respect.
Vulnerability Resolution
-
Understanding and Resolution: Our compliance team will work closely with the reporter to understand the nature of the reported vulnerability and develop a plan for its resolution.
-
Resolution Timeline: We aim to resolve any reported vulnerabilities within 90 days from the acknowledgment of the report. This includes deploying updates to affected products and implementing measures to mitigate the risk of future vulnerabilities.
-
Mitigation: In cases where immediate resolution is not feasible, we will take appropriate temporary measures to mitigate the risks posed by the vulnerability to our customers and their data.
Commitment
Gift Universe is dedicated to continuously improving the security of our products. Reporting vulnerabilities is a critical component of this commitment. By working together with the security community and our customers, we can ensure a safer experience for all our customers.
Contact Information
For reporting vulnerabilities or any security-related inquiries, please contact us via our PSTI Emergency Response Form or through our designated PSTI email address (psti@giftuniverse.com).
We thank you for your support in keeping Gift Universe and our customers safe.