Responsible vulnerability disclosure form

 

Easee works hard to keep our products and customers secure. When a security researcher or other external actor discovers a security issue in a public product and reports the issue to its vendor, it is important both that the reporter gets the deserved recognition and that the product and its users are kept secure.

The process of achieving both is called responsible disclosure. This process not only contributes to protecting the company, but also to protecting its users from damage. It also protects researchers from legal action, provided that the guidelines in this document are followed.

How to research

To protect our customers and partners, we require all researchers to follow these rules:

Rules

  • Only target accounts and information that you own. 
  • Only target products and vulnerabilities that are in scope (see below).
  • If any security issue that is found on the website exposes other people’s personal information, please refrain from actively accessing this information. If you accidentally access any such information, please stop the test, and report the findings to us immediately in the form on this page.
  • All research must be done in good faith. Attacking our infrastructure in a way that disrupts or damages our services, or triggers alarms in our threat detection systems, is not considered good faith. Typically, this will be:
  1. Performing “script kiddie” attacks.
  2. Any denial-of-service attacks.
  3. Successfully using a known vulnerability or zero-day attack to inject code into our services.
  4. Attempting to access other people’s accounts and information.
  5. Attempting to access our employees’ information.
  • Only collect information that is needed for the vulnerability report.
  • Do not disclose any details about the vulnerability to anyone until we confirm that we have fixed the issue.

In scope

  • Easee.cloud website
  • Api.easee.cloud REST API
  • Easee apps on Android and iPhone
  • Chargers
  • Equalizers

How to report

Please report the issue using the form on this webpage. 

  • Give a brief explanation of the vulnerability. 
  • The report should, if possible, contain a minimal test case which demonstrates the issue. 
  • After the report has been sent in, please securely delete all data that was collected during the research.  
  • Please attach any relevant screenshots and other files to the report. 

Our responsibility

In short, if you find a previously unknown security issue in our products and report it to us, we will respond promptly with a ticket number, and you will be given a contact point for further communication. 

We will work with you to analyse and understand the issue. If the issue is confirmed and meets our requirements, we will negotiate a timeline for fixing the issue. This timeline may vary according to the difficulty of implementing a fix. We will handle your report in a confidential and secure manner.  

If the timeline concludes with us having actioned changes to our system to mitigate the issue, Easee will publicly recognise your contribution. Please note that we currently do not offer a paid bug bounty program.

To encourage responsible disclosure, we will not take legal action if the research is conducted in a responsible manner and Easee finds that the requirements above have been followed.