Vulnerability Disclosure Policy
How to Report a Security Vulnerability
If you believe you have identified a security vulnerability in one of our products, please report it using the form below.
- Product name and model
- Firmware or software version (if known)
- Description of the vulnerability
- Steps to reproduce the issue
- Any supporting evidence (screenshots, logs, proof of concept)
Note: You are not required to provide personal information beyond what is necessary for us to respond.
What We Ask of You
- Do not publicly disclose the vulnerability before we have had a reasonable opportunity to investigate and address it
- Do not exploit the vulnerability beyond what is necessary to demonstrate the issue
- Avoid accessing or modifying customer data
This helps protect users while we work on a fix.
Our Commitment to You
Acknowledge receipt
Within 5 working days
Assess and investigate
In a timely manner
Keep you informed
Of progress where appropriate
Resolve vulnerabilities
Take reasonable steps to fix
Scope
This policy applies to:
- Internet-connectable products sold by One LED
- Associated firmware, software, and companion applications
Legal Safe Harbour
We will not pursue legal action against individuals who:
- Act in good faith
- Follow this policy
- Avoid data misuse, service disruption, or harm to users
Submit a Vulnerability Report
Alternative Contact
If you are unable to use the form, you may also contact us at: security@oneled.co.uk