Snom SIP Phone Software Security Updates

Securing your device with the latest software updates is our top priority. We are committed to ensuring that our SIP Phones, and any associated applications, are able to receive critical security updates for a minimum of three years from date of purchase, except the products set as EoS.

Vulnerability Disclosure Policy

  1. Introduction
    Snom is committed to ensuring the security of its customers by protecting their personal information from unwarranted disclosure. This policy is intended to give clear guidelines to security researchers on conducting vulnerability discovery activities and identification of any vulnerabilities discovered, along with a process for reporting these to Snom.
     
  2. Out of Scope Vulnerabilities
    This Policy does not apply to assets or other equipment owned by third parties. Vulnerabilities discovered or suspected in respect of the out-of-scope assets or equipment should be reported to the appropriate vendor or applicable authority.
     
  3. Guidelines

    To participate in the Snom vulnerability disclosure programme, participants must::

    • comply with all applicable laws;

    • comply with this policy and any other applicable agreements. This policy shall always prevail in case of any discrepancy or inconsistency with any other applicable agreements;

    • share the details of the security issue with Snom;

    • send vulnerability reports or security concerns to the email specified in this policy;

    • allow a reasonable time for Snom to analyse and/or resolve the issue before disclosing it publicly;

    • not access or modify Snom or user data, without explicit permission of the owner and contact Snom immediately if user data is inadvertently encountered;

    • only interact with accounts set up or test accounts provided for security research purposes;

    • avoid privacy violations, destruction of data, and interruption or degradation of our services (including denial of service);

    • not perform exfiltration of data; and

    • not engage in extortion.
       

  4. Reporting a Vulnerability or Security Concern
    Prepared reports with any discovered vulnerabilities or suspected security concerns, should be sent by email to security@snom.com. We will investigate and make every effort to correct the vulnerability and/or address concerns. In order to help Snom follow up concerns, we request reports in English (if possible), including the following information:

    • i) the location the product was purchased;

    • ii) the location the vulnerability or security concern was discovered;

    • iii) the potential impact of the vulnerability or security concern;

    • iv) a detailed description of the steps needed to reproduce the vulnerability or security concern, which may include proof of concept scripts and screenshots; and

    • v) steps that can mitigate the vulnerability or security concern.

      Reports may be submitted anonymously. Snom will acknowledge receipt of a security issue(s) report as soon as practicable and will provide status updates until the resolution of the reported security issue(s).
       

  5. Disclosure to Third Parties
    If the issue reported affects a third-party library or other vendor, we reserve the right to forward the relevant details to that party without giving prior notice.
     

  6. Authorization

    If a security researcher complies with this policy in conducting vulnerability discovery activities, we will consider those activities to be authorized. We will not initiate nor recommend any law enforcement or civil actions related to such activities.

    We do not authorize, permit, or otherwise allow (expressly or implicitly) any person or legal entity to engage in any security research or vulnerability or threat disclosure activity that is inconsistent with this policy or the law. Any activities that are inconsistent with this policy or the law may lead to criminal and/or civil liabilities.

    If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this Policy.

    If at any time you have concerns or are uncertain whether your security research is consistent with this Policy, you are encouraged to discuss it with us before you go any further. You may contact us by sending an email to security@snom.com.
     

Date published: 29/04/2024

Persona di contatto

Sede centrale di Berlino

+49 30 - 39833-0
Orari d'ufficio: Lun-Ven 9.00-17.00 (CET)

 

Inhouse Sales
Inhouse Sales

language Sales DACH

phone +49 30 39833 0

mail_outline website@snom.com

Luoghi

Snom Technology GmbH
Aroser Allee 66
13407 Berlino

Telefono: +49 30 39833-0
Fax: +49 30 39833-111

info@snom.com
www.snom.com

Contatti

Ricerca di aiuto

State cercando assistenza per un problema, un manuale, una risposta alla vostra domanda o l'ultimo firmware per il vostro dispositivo Snom?

Abbiamo creato lo Snom Service Hub per fornirvi tutto ciò di cui avete bisogno.

 

Snom D865

Thank you for visiting the Snom website

Please choose the regional Snom website you would like to visit.


For the United States, Canada, Central and South America:

Snomamericas.com


For the Rest of the World:

snom.com