RESPONSIBLE DISCLOSURE POLICY
Introduction
Transatel is committed to maintaining the availability, integrity, confidentiality, and traceability of the information entrusted to it.
However, in the event of a security breach, vulnerability, or data leak related to Transatel is discovered, this page describes our responsible disclosure policy for handling vulnerability reports to notify us of issues.
All reports are welcome, whether you are a security researcher, developer, customer, or individual, if you comply with the following conditions:
However, in the event of a security breach, vulnerability, or data leak related to Transatel is discovered, this page describes our responsible disclosure policy for handling vulnerability reports to notify us of issues.
All reports are welcome, whether you are a security researcher, developer, customer, or individual, if you comply with the following conditions:
Conditions
- Keep information about discovered vulnerabilities confidential.
- Do not use automated tools or attacks such as social engineering (phishing, fraud, etc.), denial of service (DoS, D-DoS), spam, scams, or physical security.
- Do not exploit vulnerabilities more than necessary, for example by downloading more data than required or compromising other people’s data integrity.
- Provide us a way to contact you if you wish to be informed of the outcome.
- Send the results by email to security-disclosure[at]transatel.com (This address is for reporting vulnerabilities only; other inquiries will not be processed.)
- Or, under Article 47 of the French Law for a Digital Republic, to CERT-FR as the competent authority: cert-fr[at]ssi.gouv.fr
- Do not violate any law or regulation beyond what is explicitly covered by this policy.
- Accept our privacy policy without reservation, allowing your report to be processed.
In your report
- Anonymize personal data.
- Include all necessary details to reproduce or verify the security issue (IP, URL, description of the vulnerability, OWASP, CVE, or ATT&CK reference), screenshot, list of affected products and services.
- If applicable, specify the details of any test accounts created.
Processing and confidentiality
Upon receipt, your report will be reviewed by the security team as soon as possible.
We assure you that your report will be handled confidentially, subject to regulatory and legal requirements.
Participation in the reporting process does not confer any intellectual property rights.
If vulnerabilities are discovered and reported in accordance with our Responsible Disclosure Policy, no legal action will be taken against the reporters. However, in cases of non-compliance, we reserve all legal rights.
Finally, at this time, we do not offer or participate in any Bug Bounty program.
We assure you that your report will be handled confidentially, subject to regulatory and legal requirements.
Participation in the reporting process does not confer any intellectual property rights.
If vulnerabilities are discovered and reported in accordance with our Responsible Disclosure Policy, no legal action will be taken against the reporters. However, in cases of non-compliance, we reserve all legal rights.
Finally, at this time, we do not offer or participate in any Bug Bounty program.