Innova Software Processing Plant Development (1)

Responsible disclosure

On this page, security researchers who aim to identify security vulnerabilities can find the necessary information to disclose vulnerabilities to Marel. Please adhere to the rules listed on this page for Responsible Disclosure.

It will take time to handle each stage of the process with the appropriate attention. However, Marel will inform you when progress is made during the significant phases of our responsible disclosure process.

Abstract (6).jpg

Introduction

Marel follows a responsible disclosure process to manage the discovery and reporting of security vulnerabilities in its software and systems in a controlled and coordinated manner. This process enables you to disclose vulnerabilities that you have discovered in a safe and ethical manner. By doing so, you allow Marel to address the reported vulnerabilities before they are exploited by malicious actors. Responsible disclosure helps to improve the overall security of Marel and protect its business partners, employees and other stakeholders from potential harm. Finally, the responsible disclosure process aims to build trust between security researchers and Marel to raise a positive and productive relationship between them.

Abstract (3).jpg (2)

Rules for Issuing a Report

Do’s

Please report on:

  • Vulnerabilities found in public facing Marel websites.
  • Vulnerabilities found in Marel products, including Software.
  • Please encrypt sensitive information by use of our PGP-key (provided below).
Don’ts
Please do not report
  • Security threats that are not vulnerability related: such as DDOS attacks.
  • Security issues resulting from social engineering or phishing.
Abstract 6.jpg

Guidance for submission

  1. Only disclose found vulnerabilities by mailing to responsibledisclosure@marel.com and encrypting the required information with our PGP key (found below).
  2. Include your contact information: name/handle and contact details for follow-up-communications.
  3. Include a technical explanation of the found vulnerability including parameters such as the used OS, used infrastructure, related versions, and any other relevant information. For web-based vulnerabilities please include the URLs, browser details, and any other relevant information.
  4. If available, include your proof-of-concept, and other details or configurations used to identify the vulnerability.
  5. Include, if available, the threats you have identified and whether you have seen the vulnerability being exploited in the wild, ensure that these details are PGP-encrypted as well.
  6. If a vulnerability tracking number (CVE) is available, or if you are in the process of requesting one, please include it.
Download PGP Key (txt)
Abstract.jpg

What are the phases of our process?

The Marel Security Team will inform you of the process during the following stages:

  • Receiving the report
  • Acknowledgement of receiving your report
  • Assigning you a point-of-contact (member of the Marel Security Team)
  • Investigating the vulnerability report
  • Implementing a Patch/Fix for the vulnerability
  • Update the reporter of the vulnerability
  • Accreditation in Hall of Honors
  • Closure of the responsible disclosure process
Abstract 5.jpg

Acknowledgement

In recognition of services provided, Marel expresses its gratitude to the following researchers for helping us to improve unity, promote excellence, and secure innovation within our organization. The following individuals were the first to have assisted us in acknowledging or addressing a vulnerability. By doing so, they have demonstrated skill in and a commitment to both helping others and improving security.

Researchers who submit vulnerability reports or conduct testing will be given full credit in any publicly released patch or security fix information if they request it and when it is possible for Marel to do so.

Hall of Honors

  • Pankaj Lakshkar (LinkedIn)
  • Bharath Kalyan
  • Prathamesh Vilayatkar (LinkedIn)
  • Harsh Maheta
  • Nilesh Sanap
  • Vijay Sutar
  • Kartik Garg
  • Parth Narula
  • Shivam Dhingra
  • Vaibhav Jain
  • Prince kumar
  • Shashank Chaudhary (LinkedIn)
  • Mallampati Surendra Reddy (LinkedIn)
  • Yogeswaran M (LinkedIn)
  • Raman Raj (LinkedIn)
  • Hemanth K (LinkedIn)
  • Magashwarahan A (LinkedIn)
  • Joel Mathias
Abstract (1).jpg

PGP

We use PGP (Pretty Good Privacy) to communicate with you for responsibly disclosing vulnerabilities. This provides several benefits like confidentiality, authentication, and non-repudiation.

For that reason, Marel has generated a private and public key-pair (below) for which we ask every user that wants to responsibly submit a security vulnerability to encrypt his findings and send it to responsibledisclosure@marel.com

Kind regards,

Marel Security Team

Download PGP Key (txt)

Login to get full access

Enter password to continue

Wrong password