Traditional Stoves
Traditional Stoves
Contemporary Stoves
Contemporary Stoves
Choosing the right stove
Hearth Mounted Fires
Hearth Mounted Fires
Inset Fires
Built-in Fires
Wall Mounted Fires
Wall Mounted Fires
Freestanding Fires
Freestanding Wood Burning Fires
Choosing the right fire
Traditional Fireplaces
Traditional Fireplaces
Contemporary Fireplaces
Contemporary Fireplaces
Mantels
Mantel
Choosing the right fireplace

Vulnerability Disclosure Policy

Stovax Gazco Ltd is committed to safeguarding and protecting our customers, our information and any other information entrusted to us.

   

This means we take cyber security issues very seriously and recognise the importance of privacy, security, and community outreach. As such, we are committed to addressing and reporting security issues through a coordinated and constructive approach; designed to drive the greatest protection for technology users and protection of information relating to our company, customers, consumers and employees.

When properly notified of legitimate issues, we will do our best to acknowledge your vulnerability report, assign resources to investigate the issue and solve potential problems as quickly as possible. Whether you are a user of Stovax Gazco Ltd products, a software developer or simply a security enthusiast, you are an important part of this process.

Reporting Security Issues

If you believe you have discovered a vulnerability in a Stovax Gazco Ltd asset / system or have a security incident to report, please send an email to our team.

In all cases, you must:

  • Respect our privacy. Contact us immediately if you access anyone else’s data, personal or of any other kind. This includes usernames, passwords and other credentials. You must not save, store or transmit this information.
  • Act in good faith. You should report the vulnerability to us with no conditions attached.
  • Work with us. Promptly report any findings to us, stop after you find the first vulnerability and request permission to continue testing. Allow us a reasonable amount of time to resolve the vulnerability before publicly disclosing it.

And you must not:

  • Exfiltrate data. Instead use a proof of concept to demonstrate a vulnerability.
  • Exploit a vulnerability to disable further security controls.
  • Perform social engineering.
  • Use automated scanners.

Please note that there is a separate procedure for reporting incidents that include personal data (personal data breaches). For more information, see Stovax Gazco Ltd’s Privacy Policy.

 

Post-Report Process

Upon receipt of a vulnerability / security report, Stovax Gazco Ltd will undertake a series of steps to address the issue:

  1. Stovax Gazco Ltd requests the reporter to keep any communication regarding the vulnerability confidential.
  2. Stovax Gazco Ltd investigates and verifies the vulnerability.
  3. Stovax Gazco Ltd addresses the vulnerability and releases an update or patch to the software. If for some reason this cannot be done quickly or at all, Stovax Gazco Ltd will provide information on recommended mitigations.
  4. Stovax Gazco Ltd will keep the reporter informed of the progress with an initial acknowledgment within 5 business days of receipt and with an aim to provide subsequent status updates on a monthly basis.
  5. After a resolution has been published, Stovax Gazco Ltd will determine whether the vulnerability reporter is entitled to receive a reward or bounty for the finding.

We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our products and services and better protect our customers. Thank you for working with us through the above process.


Ignite your inbox with exclusive content!

Sign up to our newsletter and receive the latest news and updates, including product launches, offers and promotions, exclusive giveaways and competitions, as well as seasonal tips and advice.

Subscribe Now!