Philio is a technology development company that has been in the market since 2012. Originally from Taiwan, Philio’s expertise lies in the development of internet of things (IoT) and modern home automation. Philio technology aims at developing consumer friendly products that provide security and energy saving for your home or business.
Philio products include but are not limited to gateways, access control management, temperature sensors, humidity sensors, illumination, smoke sensors, gas sensors, and other. Philio utilizes different protocols such as Z-Wave, ZigBee, ULE, WiFi, LoRa and other related wireless technology product.
Philio is committed to providing good quality technology that’s affordable for everyone.
Philio Protocols
Vulnerability Disclosure Policy
1. Introduction
We understand the importance of security researchers in assisting us in maintaining a high level of security and privacy. Coordination of vulnerability research, mitigation, and disclosure is part of this policy. This policy defines good faith in the context of detecting and reporting vulnerabilities.
2. Scope
This policy applies to all individuals who engage in security testing and vulnerability discovery against Philio-tech.com, its subdomains and non-Philio-tech products. By participating in vulnerability discovery, all individuals agree to abide by the terms and conditions outlined in this policy.
3. Guidelines
Under this policy, “research” means activities in which you:
• Notify us as soon as possible after you discover a real or potential security issue.
A comprehensive report includes:
• Clear explanation of the issue(s) and the observed behavior, as well as the expected behavior.
• Detailed information about the affected product (e.g serial number and description) or website (e.g url).
• A detailed list of the steps needed to reproduce the problem.
• Reliable evidence for the issue you are describing.
• Specifics about any related issues.
• Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
• Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use an exploit to compromise or exfiltrate data, establish persistent command line access, or use the exploit to pivot to other systems.
• Provide us a reasonable amount of time to resolve the issue before you disclose it publicly.
• Do not submit a high volume of low-quality reports. Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.
4. Responsible Disclosure
Philio encourages responsible disclosure of security vulnerabilities. Reporters of any vulnerability are expected to refrain from publicly disclosing the vulnerability until Philio has had sufficient time to investigate and address the issue. We commit to acknowledging receipt of the report within five (5) business days and will provide regular updates on the status of our investigation.
5. Legal Compliance
Researchers must ensure that all activities conducted during their security research comply with applicable local, regional, and international laws, regulations, and policies. Philio will not provide any legal assistance or protection to researchers involved in illegal or unauthorized activities.
6. Contact information
For any questions, concerns, or reports related to security vulnerabilities or this Security Policy, please write to philio_support@philio-tech.com