Vulnerability Disclosure Policy

This policy outlines how to report any vulnerabilities you may find. We encourage you to read through this policy carefully before making a report, and to ensure your submission aligns with its guidelines. We appreciate the effort it takes to inform us about security vulnerabilities in this manner. Please note that we do not provide financial compensation for reported vulnerabilities.

Support

For further information on the support of all updateable components, go to: TuyaOS Development Framework

Reporting a Vulnerability

Please click here to report a vulnerability. To help us review and respond efficiently, please include the following details in your submission:

Date discovered – When you first identified the issue
Location – What part of the website, system, or product it relates to
Steps to reproduce – A clear description or example of how the issue can be triggered
Suggestions – Any ideas or guidance for resolving the issue (if available)

We appreciate your help in keeping our platform safe.

We will communicate with you, the reporter, via e-mail. First receipt of the vulnerability report within 7 days. After this the reporter will be contacted in case of any question. No later than 90 days after receiving a vulnerability report a fix or warning will be published. Warning will be withdrawn after a fix is released.