Katun Corporation
Vulnerability Disclosure Policy
This policy is intended to provide security researchers with information on how to report discovered vulnerabilities to Katun Corporation. The reporting process is based on ISO/IEC 29147.
How to Report a Vulnerability
Please access the following form to report a vulnerability regarding our products.
- Vulnerability report form
Please be sure to fill out the following items in the form.
-
-
- Contact information (first name, last name, email address)
- Product name(s)
- Software/Firmware version(s)
- Details (please include the possible cause and procedure to reproduce the vulnerability)
-
Please describe in English.
NOTE: After we respond to you and start our communication, we would like you to send as much of the following information as possible.
-
-
- Proof of concept (PoC) scripts
- Screenshots
- Names of the tool(s) required for reproduction.
-
Scope
This policy applies to Katun Corporation products such as multifunction devices and printers. Products that we do not support are excluded from scope.
Our Response
Within five business day from the day we received the vulnerability report, we will contact your email address specified in the form. During the period of our holidays (such as Christmas Holidays, New Years Holidays, etc.), the reply may be delayed.
We will contact you again after we confirm whether the vulnerability exists in our products. If the vulnerability exists, we would like to coordinate the schedule of the fix and the publication of the security advisory with you.
Publication of the Security Advisory
We will coordinate the publication schedule with you and other related members and post the security advisory on the following page on our company website or the support page for each product available for registered users only as promptly as possible.