Skip to main content

Responsible Disclosure Policy

LESA is committed to the protection of its website (“Site”) and services from security vulnerabilities. We monitor our network and Site for these vulnerabilities, but we accept assistance from our customers or other security researchers who discover a vulnerability in our website or services. We request that these parties abide by the following Disclosure Policy (“Policy”) in reporting discovered vulnerabilities to increase security for all parties.

Report a discovered security vulnerability as soon as possible to LESA at: compliance [at] lesautomotive.com

  • Identify the suspected vulnerability.
  • Suggest steps to enable us to reproduce the issue.
  • Provide your E-mail address and secure mechanism to contact you.
  • Provide your name (and/or colleagues) if you would like to be recognized.

Once You have reported the discovered security vulnerability

  • Do not disclose a bug or vulnerability on public notice boards, mailing lists or other public forums.
  • Allow LESA an opportunity to correct a vulnerability within a reasonable time frame before publicly disclosing the identified issue, to ensure that LESA has developed and thoroughly tested a solution.

What we promise:

  • We will respond to your report within 3 business days with our evaluation of the report and an expected resolution date,
  • We will keep you informed of the progress towards resolving the problem,
  • We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission,
  • In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise), and

We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.

LESA reserves all legal rights to pursue recourse should you not follow this policy or should it discover your participation in causing the vulnerability.

Because LESA appreciates your assistance it may, at its discretion, provide a reward for your report of vulnerabilities in accordance with this policy.