Scope

This policy applies to any digital assets owned, operated, or maintained by Swegon or our subsidiaries.

Our Commitments

When engaging with us according to this policy, you can expect us to:

• Acknowledge the receipt of your security issues report, and
• provide status updates until the resolution of the reported security issues.

Our Expectations

When engaging with us according to this policy, we ask that you:

• Notify us as soon as possible after you discover a real or potential security issue
• Use only the below form as the initial point of contact to report security issues or ask questions
• Avoid violating the privacy of others or disrupting our systems.

Point of Contact

Please report security issues or ask questions by submitting them through this form.

• In your report, include all relevant information, such as:
• Affected products or services.
• A clear proof of concept demonstrating the potential impact of the vulnerability.
• Steps to reproduce the security issue.
• (Optional) Your contact details, so we can follow up with additional questions or updates.

The more details you provide, the easier it will be for us to triage and resolve the issue.

Legalities

When you report security issues in good faith and in accordance with this policy, we will not initiate or support legal action against you for accidental violations of the policy. However, this policy does not authorize any actions that violate the law or place us in breach of legal obligations.
 
If at any time you are uncertain whether your activity aligns with this policy, feel free to use the reporting form for questions before proceeding further.