Reporting Guidelines

Security Issue Reporting Guidelines

Steps to Report a Vulnerability.

Please report any potential or real security vulnerability claim to the Yale Security Resources Team via email at security@assaabloy.com. Please encrypt your email with PGP and this public key.

Please include the information below in your email report:

  • First and last name

  • Company name

  • Contact phone number (optional)

  • Preferred email contact

  • General description of vulnerability

  • Product containing vulnerability (hardware & software versions), part numbers

  • Tools, hardware and other configurations required to trigger the event

  • Any security or service pack updates applied

  • Document instructions to reproduce the event

  • Sample code, proof of concept or executable used to produce event

  • Definition of how the vulnerability will impact a user including how the attacker could breach security on-site

  • Affected product

  • System Details

  • Technical Description and steps to reproduce

  • Proof of Concept (provide link)

  • Other parties and products involved

  • Disclosure plans/Dates/drivers

  • What was the purpose and scope of research being performed when found (context)?