SECURITY
VULNERABILITIES
While implementing good security practices contributes significantly to the protection of information, credentials, intellectual property or assets, there is no perfect solution to make a system or product impossible to attack. Since the security of our products is of critical importance to us and our customers, we take any reports of potential security vulnerabilities seriously.
The AMG Product Security Team is responsible for receiving and responding to reports of potential security vulnerabilities in our products, as well as in any related hardware, software, firmware, and tools. Once a report is received, the Product Support Team will take the necessary steps to review the issue and determine what actions might be required to address any potential impacts to our products.
Reporting A Security Vulnerability
Please inform us immediately if you find a potential vulnerability in AMG's products by sending an e-mail in English to security(@)amgsystems.com including the information listed below:
- Your contact information
- Product model number
- Firmware or software version
- Equipment and software needed to replicate the issue
- Steps to replicate the issue (attach images or code if available/applicable)
- Date when the vulnerability was detected and details about how it was discovered
- Detailed technical description of the potential vulnerability
- Description of how attackers can take advantage of the vulnerability
- Packet capture (use a tool like Wireshark)
- Name of the person who found the vulnerability
Due to the sensitive nature of the information being exchanged, the AMG Product Security Team highly recommends that all security vulnerability reports are encrypted using the AMG Systems public PGP/GPG key before being submitted. You can download this key using the button below:
Fingerprint: 0143 095B 7F3D 2F5D
How AMG Responds to Reports
AMG's Product Security Team will use the following steps to respond to report of a potential security vulnerability:
- Notification: AMG receives the report and acknowledges the receipt of the information
- Review: AMG reviews the information provided to determine if an AMG product is indeed affected and if there is sufficient data in the report to begin an investigation
- Analysis: Once all the necessary information is received, AMG does an in-depth technical investigation into the reported potential vulnerability
- Corrective Actions: If the security vulnerability is verified, AMG takes the appropriate actions for remediation of the issue
- Disclosure: AMG communicates information about the verified vulnerability where appropriate and may make details about the remediation actions available in a security advisory notice or a product bulletin
Our Responses to Reported Vulnerabilities
There are no reported vulnerabilities at this time.