Home Protected: UV Connectivity Pilot Project Product Security Disclosure Process

Product Security Disclosure Process

In response to potential threats to cybersecurity, Trojan Technologies has formed a product security team in cooperation with the Danaher Water Quality group to assess vulnerabilities and determine responses within a coordinated vulnerability disclosure (CVD) process. These efforts allow the company to continually learn from vulnerability test information submitted to us by customers and security researchers.

For the latest product detail information, please visit the product security updates page.

Scope

This CVD process applies to the reporting of potential cybersecurity vulnerabilities in Trojan Technologies products and services. For customer support help requests, technical documents and regulatory contacts and notifications, please contact streamsecurity@trojantechnologies.com.

Contact Information and CVD Submission Process

Potential security vulnerabilities or privacy issues with a Trojan Technologies product should be reported to streamsecurity@trojantechnologies.com. Secure emails and attachments may be sent using the attached PGP public key to the same email address. We ask that you please refrain from including sensitive information (e.g., sample information) as a part of any submissions to Trojan Technologies. Please provide the following information in your submission:

  • Your contact information (e.g., name, address, phone number, and email)
  • Date and method of discovery
  • Description of potential vulnerability
    • Product name
    • Version number
    • Configuration details
  • Steps to reproduce
    • Tools and methods
    • Exploitation code
    • Privileges required
  • Results or impact

What Happens Next

Upon receipt of a potential product vulnerability submission, Trojan Technologies will:

  • Acknowledge receipt of the submission within five (5) business days
  • Work with specialized product teams to evaluate and validate reported findings
  • Contact the submitter to request additional information, if needed
  • Take appropriate action

Disclaimer

Trojan Technologies considers it a top priority to protect the health and safety, as well as the personal information, of our customers. When conducting your security research, please avoid actions that could cause harm to your products. Note that vulnerability testing could negatively impact a product. As such, testing should not be conducted on active products in a live treatment setting. If there is any doubt, please contact a Trojan Technologies representative. Trojan Technologies reserves the right to modify its coordinated vulnerability disclosure process at any time, without notice, and to make exceptions to it on a case-by-case basis. No particular level of response is guaranteed. However, if a vulnerability is verified, we will attribute recognition to the researcher reporting it, if requested.

CAUTION: Do not include sensitive information (e.g., sample information etc.) in any documents submitted to Trojan Technologies. Comply with all laws and regulations in the course of your testing activities. By contacting Trojan Technologies, you agree that the information you provide will be governed by our site’s Privacy Policy and Online Terms of Use.

Note: When sharing any information with Trojan Technologies, you agree that the information you submit will be considered non-proprietary and non-confidential and that Trojan Technologies is allowed to use such information in any manner, in whole or in part, without any restriction.