Security Policy
Last updated: May 2026


1. Introduction

MuLogic BV is committed to ensuring the security of its products.

This policy describes how we handle security vulnerabilities, provide security updates,
and work with the security community.


What Qualifies as a Valid Security Report

A valid report describes a previously unreported, reproducible vulnerability in our products,
with a demonstrable security impact, discovered through good-faith testing.


What Does Not Qualify as a Valid Security Report

Questions about publicly known CVEs or news headlines (please contact support instead),
raw scanner output without manual validation, theoretical issues with no proof of concept,
and low-impact findings such as missing security headers, clickjacking on non-sensitive
pages, or outdated library versions without a working exploit, etc.
Reports must include clear reproduction steps.


2. Reporting a Vulnerability

If you discover a security vulnerability in any MuLogic product, please report it to:
Email: security@mulogic.com

When reporting, please include:

• Product name and firmware version.
• A description of the vulnerability.
• Steps to reproduce the issue.
• The potential impact, if known.
• Your contact information for follow-up.

Vague reports such as "we have discovered something, please contact us" are not
considered valid and will receive no response.

We accept reports in English, Dutch, and German.


3. Our Response

After receiving a valid vulnerability report, we will:

• Acknowledge receipt within 3 business days.
• Provide an initial assessment within 10 business days.
• Work toward a resolution within 90 days, depending on severity and complexity.
• Notify the reporter when a fix is available.

For vulnerabilities that are actively exploited, we will prioritize an expedited response.


4. Coordinated Disclosure

We ask reporters to:

• Demonstrate reproduction of the issue.
• Not exploit the vulnerability beyond what is necessary to demonstrate it.
• Not access or modify data belonging to others.
• Allow us reasonable time to investigate and resolve the issue before any public disclosure.

MuLogic BV will:

• Not pursue legal action against reporters who act in good faith and follow this policy.
• Credit reporters in security advisories, unless they prefer to remain anonymous.

5. Security Updates

For all MuLogic products sold after December 2027, MuLogic BV provides security updates
for a minimum of 5 years after end-of-sale.

Security updates are made available as firmware updates and can be installed through the
product's web interface, or via one of the automated firmware update methods.

Critical security updates will be accompanied by a security advisory describing the vulnerability
and its resolution.


6. Scope

This policy applies to all MuLogic products, including any embedded management software and
web interface.

Third-party components included in the firmware (such as open-source libraries) are covered by
this policy to the extent that they are part of the delivered product.


7. Contact

https://mulogic.com/contact/
Email: security@mulogic.com