vulnerability response


Amentum Aerospace endeavours to develop products of the highest quality and security. In the ever-changing cyber security landscape, vulnerabilities may be identified by ourselves or security researchers over time. A security vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Once notified, we are committed to resolving reported security and vulnerability issues in a timely manner to protect the information and privacy of our users.

reporting vulnerabilities

We recommend that security researchers send an email to our team with a description, steps to reproduce, any remediation recommendation if known, and the string "[VULNERABILITY]" in the title, to the following address: [email protected]. We will then:

  • acknowledge receipt of the report;
  • collaborate with the researcher to validate, reproduce, and identify a fix;
  • resolve the vulnerability as quickly as possible;
  • if necessary, release a security bulletin for the fix; and
  • acknowledge individual or company security researchers along with a link to their own website or charity of choice.
Please note: we do not accept unsolicited requests for payment in exchange for disclosed vulnerabilities. Any future bug bounty programs will operate through a third party.

acknowledgements

We would like to extend our gratitude to the following security researchers or teams who have reported security vulnerabilities to us. We acknowledge their excellent work and thank them for helping us improve the security and safety of our users' information and privacy.

Disclosures for 2021

Back to Amentum Aerospace website