Introduction
Telecom Mechanical Solutions (TMS) is committed to maintaining the security and integrity of our systems and services. We recognize the important role that security researchers and external parties play in helping us protect our customers and assets.
This Responsible Disclosure Program provides a channel for external parties to report potential security vulnerabilities in a safe, structured, and responsible way.
Scope
This program applies to all TMS products, services, websites, and infrastructure unless otherwise excluded. Out-of-scope items include:
- Physical attacks against company offices or employees
- Social engineering (phishing, impersonation, etc.)
- Attacks against third-party providers outside of our control
How to Report a Vulnerability
If you believe you have discovered a security vulnerability, please notify us as soon as possible:
🔗 Web form below
When submitting a report, please include:
- A description of the vulnerability
- Steps to reproduce the issue
- Impact assessment (what could happen if exploited)
- Any suggested mitigation or fix
Our Commitment
When you report a vulnerability in good faith and comply with this policy:
- We will acknowledge your submission within 10 business days.
- We will provide regular updates on the status of your report.
- We will notify you when the vulnerability has been remediated.
- We will not pursue legal action against researchers who comply with this policy.
Safe Harbor
We ask that you:
- Do not exploit or publicly disclose vulnerabilities before remediation.
- Do not access, modify, or delete data that does not belong to you.
- Do not conduct tests that could disrupt services for other customers.
As long as you follow these guidelines, TMS will consider your actions authorized, and we will work with you in good faith.
Remediation & Tracking Process
- Intake & Acknowledgement: Every report is logged and assigned a case number.
- Validation: Our security team reproduces and assesses severity.
- Remediation: Vulnerabilities are prioritized and addressed based on risk.
- Communication: The reporter is kept informed throughout the process.
- Closure: Once resolved, the case is documented and closed, and the reporter is notified.