Vulnerability Disclosure Policy




Our Values

ntrustlabs works Pvt. Ltd, a security service provider and research organization, strongly believes that constructive and coordinated disclosure is the best approach to addressing and fixing a vulnerability. We also believe that these contributions to the security community help reduce attack surfaces and vectors against diverse and ever-changing threats.

Scope

The ntrustlabs vulnerability disclosure policy applies to any third-party vendor product for which ntrustlabs will assign CVEs for vulnerabilities, provided the product is not part of another CNA's scope.

Policy

Once a security issue is found, ntrustlabs takes the following steps to notify the respective parties so that they can fix it. The ntrustlabs coordinated vulnerability disclosure process involves five basic steps:

  • Collection: ntrustlabs collects vulnerability reports in three ways: ntrustlabs vulnerability analysis, monitoring public sources of vulnerability information, and direct reports of vulnerabilities to ntrustlabs. After receiving a report, ntrustlabs performs an initial analysis to assess the vulnerability’s presence and compares it with existing reports to identify duplicates. ntrustlabs then catalogs the vulnerability report, including all information that is known at that point.
  • Analysis: Once the vulnerability reports are cataloged, vendor(s) and ntrustlabs analysts work to understand the vulnerabilities by examining the technical issue and the potential risk the vulnerability represents.
  • Mitigation: After analyzing a vulnerability, ntrustlabs will continue to work with the affected vendor(s) for mitigation development and the issuance of patches or updates.
  • Application of Mitigation: When possible and where necessary, ntrustlabs may work with vendor(s) to facilitate sufficient time for affected end users to obtain, test, and apply mitigation strategies prior to public disclosure.
  • Disclosure: In coordination with the source of the vulnerability report and the affected vendor(s), ntrustlabs will take appropriate steps to notify users about the vulnerability via multiple channels. ntrustlabs strives to disclose accurate, neutral, objective information focused on technical remediation and mitigation for asset owners and operators. ntrustlabs will make references to available related information and correct misinformation where necessary.

ntrustlabs is always open to feedback and suggestions. If you would like to contact us, please feel free to email us at disclose@ntrustlabs.com.