Please report (suspected) security vulnerabilities to devsecops.core@htecgroup.com. You will receive a response from us within 3 business days. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.

IMPORTANT: Do not file public issues on GitHub for security vulnerabilities

To report a vulnerability or a security-related issue, please email the private address devsecops.core@htecgroup.com with the details of the vulnerability. Do not report non-security-impacting bugs through this channel.

Provide a descriptive subject line and in the body of the email include the following information:

• Basic identity information, such as your name and your affiliation or company.
• Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and compressed packet captures are all helpful to us).
• Description of the effects of the vulnerability on OrbitMI platform and the related hardware and software configurations, so that the OrbitMI Security Team can reproduce it.
• How the vulnerability affects usage of Orbit Platform and an estimation of the attack surface, if there is one.
• List other projects or dependencies that were used in conjunction with OrbitMI to produce the vulnerability.