Vulnerability disclosure policy

If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issues in any of our assets, we want to hear from you. This policy outlines the steps for reporting vulnerabilities to us, what we expect from you, and what you can expect from us.

Scope

This policy applies to any digital assets owned, operated, or maintained by Swegon or our subsidiaries.

Our Commitments

When engaging with us according to this policy, you can expect us to:

Acknowledge the receipt of your security issues report, and
rovide status updates until the resolution of the reported security issues.

Our Expectations

When engaging with us according to this policy, we ask that you:

Notify us as soon as possible after you discover a real or potential security issue,
use only the Official Channel to discuss the vulnerability with us, and
avoid violating the privacy of others or disrupting our systems.

Point of Contact

Please report security issues via this form, providing all relevant information, such as:

Affected products or services,
steps to reproduce the security issue, and
optionally, your contact details.

The more details you provide, the easier it will be for us to triage and fix the issue.

Legalities

When reporting security issues according to this policy, we will not initiate or support legal action against you for accidental, good-faith violations of this policy. However, this policy does not authorize any actions that violate the law or place us in breach of legal obligations.

If at any time you have concerns or are uncertain whether your activity is consistent with this policy, please submit a report through our Official Channel before proceeding further.