Vulnerability Disclosure Policy

At Legend Power Systems, we take the security of our systems seriously and value the contribution of security researchers in identifying potential vulnerabilities. This policy outlines the process for reporting security issues and our commitment to addressing them.

1. Scope

The following systems are in scope for this policy:

  • Legend Analytics
  • SmartGATE

Only exploitable security vulnerabilities in these systems are considered within scope. Any other types of issues or systems not listed are considered out of scope for this program.

2. Safe Harbor

We commit to working with security researchers who follow the guidelines in this policy. If you:

  • Report vulnerabilities in accordance with this policy,
  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during your research,

Legend Power Systems will not initiate legal action against you. We consider your research to be conducted in good faith if you adhere to this policy.

3. Submission Process

To report a vulnerability, please send an email to [email protected] with the following details:

  • A description of the vulnerability and its impact,
  • Detailed steps to reproduce the vulnerability,
  • Any potential exploit scenarios.

4. Response Process

  • We will acknowledge receipt of your report within 5 business days.
  • We will respond with our findings, intended actions, and any updates within 20 business days from the initial acknowledgment.

Thank you for your contribution to the security of our systems.

Legend Power Systems Security Team
[email protected]