Security & Vulnerability Disclosure
Last updated
We take the security of our website and systems seriously and welcome reports from security researchers and users. This policy explains how to report a suspected vulnerability and what you can expect from us.
1. Scope
This policy applies to internet-facing systems that we own or operate, including the website at equateinstruments.com. Third-party services we rely on (such as our hosting or email providers) are governed by their own disclosure programmes.
2. Safe harbour
If you make a good-faith effort to comply with this policy during your research, we will consider your activity authorised, will not pursue or support legal action against you for it, and will work with you to understand and resolve the issue quickly. Good faith means avoiding privacy violations, data destruction, service disruption, and access to more data than necessary to demonstrate the issue.
3. How to report
Please report suspected vulnerabilities to info@equateinstruments.com with enough detail to reproduce the issue (affected URL/endpoint, steps, and impact).
- Do not publicly disclose the issue until we have had a reasonable opportunity to remediate it.
4. What to expect
- Acknowledgement of your report within 5 business days.
- A triage assessment and, where valid, a remediation plan and timeline.
- Updates on progress and notification when the issue is resolved.
5. Out of scope
The following are generally out of scope: findings from automated scanners without demonstrated impact; social engineering or phishing of our staff or customers; denial-of-service testing; physical attacks; and issues in third-party services outside our control.
6. security.txt
Machine-readable contact and policy details are published in accordance with RFC 9116 at /.well-known/security.txt.
Equate Instruments
- Email: info@equateinstruments.com
- Phone: +358 41 584 8098
- Registered office: Finland
