Report Vulnerabilities to Aura

If you believe you have discovered a security vulnerability in the products of Aura Home Inc (The following will be referred to as Aura), you can fill out the template and send the security issue directly to security@auraframes.com. You will typically receive an invitation from HackerOne, our VDP provider, via email within 2 business days. After you submit the report via HackerOne, our security team will provide remediation as soon as possible depending on the severity and the complexity of the vulnerabilities.

Responsible Disclosure Guidelines

As this is a HackerOne-managed program, please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization.

More details for the disclosure guidelines, please visit:

https://www.hackerone.com/disclosure-guidelines

Response Scope

This vulnerability handling process applies to three assets:

  • The primary Aura Home, Inc. site where you can manage your account, learn about products & services, get support, etc.
  • The api services that provide functionality for our web/mobile apps and digital picture frames.
  • Our image CDN that serves photos to our web/mobile apps and digital picture frame devices.

Vulnerability Handling Process

Aura Home Inc (The following will be referred to as Aura) is committed to ensuring the security of our systems and the data of our customers.

Here is a recap of Aura’s Triage Lifecycle via HackerOne.

  1. Acknowledgment: First response by HackerOne security analysts.
  2. Scope Check and De-duplication: Removal of false positives, deduplication and scope check.
  3. Validation: Verification of valid vulnerabilities using a consistent methodology that includes a reproduction of the report, severity calculation, metadata enrichment and a detailed summary of the finding, the impact, and expert analysis.
  4. Hacker Communications: Maintain ongoing engagement and communication with hackers.
  5. Remediation Advice:: Actionable guidance to effectively address risk and help customers close the risk gap.

For more information, please visit:

https://www.hackerone.com/hackerones-depth-approach-vulnerability-triage-and-validation

The contents of the Report will be made available to the Security Team immediately, and will initially remain non-public to allow the Security Team sufficient time to publish a remediation. After the Report has been closed, Public disclosure may be requested by either the Finder or the Security Team.