Deployment Model
TXOne’s solutions are designed to deploy on levels 1 (basic control), 2 (supervisory control) and 3 (site manufacturing operations and control) of the Purdue model.
TXOne Networks – April 10, 2024
Introduction
TXOne Networks is committed to eliminating the security weaknesses prevalent in industrial environments. Our Product Security Incident Response Team (PSIRT) is fully committed to product security that follows the highest standard. We encourage security researchers to report any security issues or security incidents by emailing ✉ security@txone.com.
For added security, please encrypt sensitive information with our PGP Public Key (fingerprint: FECB D146 2C36 3B04 6B2D F4E5 7314 6C66 B4E5 26C6)
Authorization
If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized. We will work with you to understand and resolve the issue quickly, and TXOne Networks will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities conducted in accordance with this policy, we will make this authorization known.
Guidelines
Under this policy, “research” means activities in which you:
Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and refrain from disclosing this data to anyone else.
Test methods and scope
The following test methods and scope are not authorized:
Check our products to determine what is supported. If you aren’t sure whether a product or system is in scope or not, contact us at ✉ security@txone.com before starting your research.
Reporting a vulnerability
We accept vulnerability reports at ✉ security@txone.com. Reports may be submitted anonymously. We will acknowledge receipt of your report within 72 hours.
To help us triage and prioritize submissions, we recommend that your reports fit the following criteria:
Please inform us if any of the material provided is not your original work or is subject to the intellectual property rights of others. Not notifying us means that you assert no involvement of third-party intellectual property rights.
When you choose to share your contact information with us, we commit to coordinating with you as openly and as quickly as possible.
Questions
Questions regarding this policy or coordinated vulnerability disclosure in general may be sent to ✉ security@txone.com.
TXOne’s solutions are designed to deploy on levels 1 (basic control), 2 (supervisory control) and 3 (site manufacturing operations and control) of the Purdue model.