At Sonus faber, product security is built into how we design, develop, and support our products, software and related services.

We approach security with the same mindset we apply to all innovation at Sonus faber: continuous improvement, thoughtful engineering, and a strong focus on our customers.

Sonus faber has a dedicated team focused exclusively on product security. This team is responsible for identifying security requirements, conducting technical analysis such as source code review, and evaluating potential risks across the product lifecycle.

Sonus faber maintains a product security framework designed to proactively identify, assess and address potential security defects in our products. Wherever possible, we work to prevent vulnerabilities by incorporating appropriate security measures early in the product lifecycle.

If you believe you have identified a security vulnerability affecting a Sonus faber product, software, or related service, please report it through our online vulnerability submission form hosted by HackerOne.

Sonus faber partners with HackerOne as part of our vulnerability disclosure program to help receive, coordinate, and manage vulnerability reports from the security research community.

Providing the following details, where available, will help us review your report more efficiently:

• Product or software name

• System version

• Steps to reproduce the issue

• Description of the vulnerability and any suggested mitigations

• Potential impact of the vulnerability

Sonus faber reviews all reports that are submitted directly to us. After you submit your research through our online submission form, you will receive an automatic email confirming we have received your report. Most reports will be acknowledged by our product security team within 72 hours.

If you create a free HackerOne account, you will receive periodic status updates on your report and be able to communicate with our team as the report is reviewed.

Please note, Sonus faber will always act on any reported vulnerabilities in a timely manner. However, the timing and frequency of updates may vary depending on the nature and complexity of the issue.