Securing your device with the latest software updates is our top priority. We are committed to ensuring that our SIP Phones, and any associated applications, are able to receive critical security updates for a minimum of three years from date of purchase, except the products set as EoS.
To participate in the Snom vulnerability disclosure programme, participants must::
comply with all applicable laws;
comply with this policy and any other applicable agreements. This policy shall always prevail in case of any discrepancy or inconsistency with any other applicable agreements;
share the details of the security issue with Snom;
send vulnerability reports or security concerns to the email specified in this policy;
allow a reasonable time for Snom to analyse and/or resolve the issue before disclosing it publicly;
not access or modify Snom or user data, without explicit permission of the owner and contact Snom immediately if user data is inadvertently encountered;
only interact with accounts set up or test accounts provided for security research purposes;
avoid privacy violations, destruction of data, and interruption or degradation of our services (including denial of service);
not perform exfiltration of data; and
not engage in extortion.
Reporting a Vulnerability or Security Concern
Prepared reports with any discovered vulnerabilities or suspected security concerns, should be sent by email to security@snom.com. We will investigate and make every effort to correct the vulnerability and/or address concerns. In order to help Snom follow up concerns, we request reports in English (if possible), including the following information:
i) the location the product was purchased;
ii) the location the vulnerability or security concern was discovered;
iii) the potential impact of the vulnerability or security concern;
iv) a detailed description of the steps needed to reproduce the vulnerability or security concern, which may include proof of concept scripts and screenshots; and
v) steps that can mitigate the vulnerability or security concern.
Reports may be submitted anonymously. Snom will acknowledge receipt of a security issue(s) report as soon as practicable and will provide status updates until the resolution of the reported security issue(s).
Disclosure to Third Parties
If the issue reported affects a third-party library or other vendor, we reserve the right to forward the relevant details to that party without giving prior notice.
Authorization
If a security researcher complies with this policy in conducting vulnerability discovery activities, we will consider those activities to be authorized. We will not initiate nor recommend any law enforcement or civil actions related to such activities.
We do not authorize, permit, or otherwise allow (expressly or implicitly) any person or legal entity to engage in any security research or vulnerability or threat disclosure activity that is inconsistent with this policy or the law. Any activities that are inconsistent with this policy or the law may lead to criminal and/or civil liabilities.
If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this Policy.
If at any time you have concerns or are uncertain whether your security research is consistent with this Policy, you are encouraged to discuss it with us before you go any further. You may contact us by sending an email to security@snom.com.
Date published: 29/04/2024
+49 30 - 39833-0
Office hours: Mo-Fr 9:00-17:00 (CET)
Sales DACH
+49 30 39833 0
website@snom.com
Please choose the regional Snom website you would like to visit.
For the United States, Canada, Central and South America:
For the Rest of the World: