The security of our customers is a top priority for Plasma Cloud. All our products are developed with security as a central focus, evident in a wide array of protective measures. These encompass advanced permission management to eliminate password sharing, cloud-managed security updates, minimal data collection with full GDPR compliance, optional two-factor authentication, and additional safeguards.
PSTI Compliance Statement
Plasma Cloud announces that all of our active products fully comply with the applicable security requirements in Schedule 1 of The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2024, as required in the United Kingdom.
Secure defaults
Sensible defaults providing maximum security are essential to Plasma Cloud's security philosophy. These defaults foster best security practices without burdening users with complex configurations or prior knowledge. Notable examples include:
- SSH device access disabled;
- Randomized WPA passwords;
- WPA3 WiFi encryption (with firmware 4.0);
- No unnecessary services are running on Plasma Cloud hardware, minimizing the potential attack surface (i.e., no HTTP servers on Access Points)
Report a Security Issue
If you believe you have found a security issue, please submit a report to our support team here, or by email at support@plasma-cloud.com.
Please include the following information in your report:
- Type of issue (cross-site scripting, SQL injection, remote code execution, etc.);
- Device model and firmware version with the bug or the relevant Plasma Cloud Console page;
- The potential impact of the vulnerability (i.e. what data can be accessed or modified);
- Step-by-step instructions to reproduce the issue;
- Any proof-of-concept or exploit code required to reproduce (if applicable).
Users who submit a vulnerability report will receive a confirmation of the receipt of a submitted vulnerability report and status updates until the reported issue is resolved.
Automated Scanner Reports
Kindly be advised that bulk reports generated by automated scanners are not considered valid for submission. Should you detect any issues using an automated scanner, please engage a security practitioner to thoroughly review the findings, ensuring their validity, before proceeding to submit a vulnerability report to Plasma Cloud.
Public Disclosure
Should you discover a security vulnerability, Plasma Cloud kindly requests that you provide our team with reasonable notice and adhere to a waiting period of 15 business days before making the issue public. This time period enables Plasma Cloud to promptly provide a solution, safeguarding our customers before the security concern reaches public awareness, potentially escalating into a larger threat.
Comments
0 comments
Article is closed for comments.