Disclosure of Vulnerabilities
Disclosure of Vulnerabilities
Security Vulnerability Sending Process
Contact information
Data security, integrity, and availability are our top priorities. We know how important it is to the success of your business. For your peace of mind, we use a multi-layered approach to protect and monitor all information.
We strive to follow industry best practices for security and compliance using frameworks and guidelines such as OWASP, NIST, CIS, and CSA. Data protection: The rest of the data is protected by AES256 encryption and sent over TLS 1.2.
Our SOC, Security Operations Center, is a central unit that is staffed 24/7 and handles organizational and technical security issues. Tasks include, but are not limited to, weekly vulnerability scans, log analysis, anomaly detection, pattern mismatches, threat hunting, firewall policy monitoring, port opening mismatches, and login failures.
Security penetration testing is run by a third party at least once a year. Continuous improvements are made through security architecture reviews, threat intelligence, and threat monitoring. Security Awareness Training Required annual training for all users and additional specific training for operations, support, and security personnel.
Crisis management and incident management training for employees is conducted using both tabletop exercises and various types of gamification.
Disclosure of Vulnerabilities
Yootelco is committed to ensuring the security of our services and your information. We encourage you to report seriously and responsibly about potential vulnerabilities in services, products, systems, or assets manufactured or owned by Yootelco.
Security Vulnerability Sending Process
If you suspect that you have found a vulnerability in a Yootelco service, product, system, or asset, use encrypted communication methods to send the vulnerability information to Yootelco. If you send by e-mail, please send an encrypted file containing the sending details. Now encrypt the file with your public encryption key. For Yootelco to fix the vulnerability, please report it as soon as possible after discovery and provide a detailed summary of the vulnerability if known, including the following information:
Description of what was discovered and how it was discovered
Affected service, product, system, or asset
Replication steps (actions, results, etc.) to allow Yootelco to verify the vulnerability
It provides detailed information about the results, including available clues such as IP addresses, logs, screenshots, etc. Contact information and PGP key. This information can be sent anonymously. Personal information received by Yootelco in connection with submissions will be stored and protected in accordance with the Company's privacy policy and all applicable laws. Yootelco personnel will confirm the receipt as soon as possible, usually within 48 hours. Submit vulnerability information according to the following guidelines.
Do not engage in activities that could harm Yootelco, you or your employees.
Do not engage in activities that may stop or adversely affect Yootelco's services, products, systems or facilities.
Do not engage in activities that violate (a) federal or state laws or regulations, or (b) the laws or regulations of the country in which Yootelco's data, services, facilities, or systems are located. (Ii) Yootelco traffic is forwarded, or (iii) researchers are conducting research activities.
Do not store, share, compromise or destroy personal or customer data. If you encounter personally identifiable information (PII), you should immediately stop working and contact Yootelco.
Do not start fraudulent financial transactions. Please allow reasonable time for Yootelco to address the reported issue before disclosing such information to third parties or publicly.
Contact Us
For any questions or concerns regarding your privacy, you may contact us using the following details:
Support Teamsecurity@yootelco.com
