Reporting Guidlines
Security Issue Reporting Guidelines
Steps to Report a Vulnerability.
Please report any potential or real security vulnerability claim to the Yale Security Resources Team via email at productsecurity@assaabloy.com. Please encrypt your email with PGP and this public key.
Please include the information below in your email report:
- First and last name
- Company name
- Contact phone number (optional)
- Preferred email contact
- General description of vulnerability
- Product containing vulnerability (hardware & software versions), part numbers
- Tools, hardware and other configurations required to trigger the event
- Any security or service pack updates applied
- Document instructions to reproduce the event
- Sample code, proof of concept or executable used to produce event
- Definition of how the vulnerability will impact a user including how the attacker could breach security on-site
- Affected product
- System Details
- Technical Description and steps to reproduce
- Proof of Concept (provide link)
- Other parties and products involved
- Disclosure plans/Dates/drivers
- What was the purpose and scope of research being performed when found (context)?