Lely Coordinated Vulnerability Disclosure Policy

Our policy

At Lely, we are committed to maintaining the highest standards of security for our users and stakeholders. As part of our dedication to transparency and accountability, we encourage responsible disclosure of any security vulnerabilities found in our systems, network, or services. Our Coordinated Vulnerability Disclosure (CVD) policy outlines the procedures and principles for reporting vulnerabilities to us. 

Reporting Vulnerabilities:

If you discover a security vulnerability within our systems or services, we request that you responsibly disclose it to us. To report a vulnerability, please email our security team at security@lely.com. We encourage you to provide detailed information about the vulnerability to help us understand and address the issue effectively. This may include: 

  • Description of the vulnerability 

  • Steps to reproduce the vulnerability 

  • Any supporting evidence or proof of concept 

  • Your contact information for further communication 

Guidelines for Responsible Disclosure: 

  • Do not exploit the vulnerability: Please refrain from exploiting the vulnerability for any malicious purposes or for personal gain. 

  • Do not disclose the vulnerability publicly: Until we have had an opportunity to assess and address the issue, we request that you refrain from disclosing the vulnerability to third parties or publicly disclosing details about it. 

  • Cooperate with us: We appreciate your cooperation in providing us with the necessary information to investigate and resolve the vulnerability promptly.

Our Commitments: 

  • Prompt Response: Upon receiving your report, we will acknowledge it within 3 days. Our security team will review the report and work diligently to validate and address the vulnerability. 

  • Confidentiality: We will treat all reports with the utmost confidentiality and respect for your privacy. We will not disclose your identity or the details of the vulnerability without your consent, except as required by law. 

  • Regular Updates: We will keep you informed of our progress in addressing the reported vulnerability and will notify you once it has been resolved. 

Legal Protections: 

We will not pursue legal action against individuals who report vulnerabilities to us in good faith and in accordance with this policy. However, we reserve the right to take legal action against those who engage in malicious activities or violate our terms of service. 

Contact Us: 

For questions or concerns about our Coordinated Vulnerability Disclosure policy, please contact our security team at security@lely.com

This policy aims to provide clear guidelines for responsible disclosure while reassuring reporters of our commitment to addressing vulnerabilities promptly and maintaining their confidentiality.