Security
Security reporting for Embeint and Infuse-IoT
If you believe you have found a security vulnerability affecting Infuse-IoT or an Embeint-operated service, report it through the channel below so we can investigate and respond.
Disclosure
Coordinated vulnerability disclosure
Embeint supports coordinated disclosure for vulnerabilities affecting Infuse-IoT and Embeint-operated cloud services.
Please include a clear description of the issue, affected components or versions, reproduction steps if available, and any supporting logs, traces, or proof-of-concept material needed to validate the report.
Please do not publicly disclose the vulnerability until Embeint has had a reasonable opportunity to investigate, remediate, and coordinate any required customer or public communication.
For vulnerabilities in third-party components such as Zephyr, reporters may also choose to contact the upstream project directly through its own disclosure process where relevant.
Scope
What to report here
This page covers Embeint-managed products and services. Customers remain responsible for security reporting channels covering their own end products.
Infuse-IoT SDK
Potential vulnerabilities affecting the SDK, release artefacts, or Embeint-maintained libraries can be reported to security@embeint.com.
Infuse-IoT Cloud
Potential vulnerabilities affecting the Embeint-operated platform, APIs, and update delivery mechanisms can be reported to security@embeint.com.
Customer products
This channel does not replace the need for product-specific reporting channels for end products built by Embeint customers.