Cync Security Practices
We have been at the forefront of lighting technology for over 130 years. Through brand offerings like GE Lighting, a Savant company and Cync, our mission at Savant Technologies LLC (“Savant”) is to provide the best smart home experience to our customers. Our evolution is grounded in creating brighter lives and a more sustainable world, and we’re building an ecosystem of smart home products to achieve that mission.
Earning our customers’ and retailers’ trust is critical. Delivering secure products and services that respect privacy needs is core to what we do. We perform exhaustive security reviews and penetration testing with trusted third parties to ensure that what we bring to market meets our security standards.
We recognize that being proactive is not limited to what we do ourselves. It includes creating a secure and responsible avenue for reporting potential vulnerabilities with our products and services. We review all submissions in a timely manner, and for the protection of our users, we will only disclose verified vulnerabilities after they have been fixed.
Cync customers can direct any security concerns to our dedicated US-based Cync Customer Support team by calling 1-844-302-2943 or emailing firstname.lastname@example.org.
Please follow the procedure below to securely and responsibly notify us of a potential vulnerability:
- Use our PGP public key to securely transmit any submission via email to email@example.com. Our PGP key can be downloaded here:
LINK TO DOWNLOAD PGP KEY
- Provide a technical description of the vulnerability, and include the specific products or services that you tested and any relevant environmental details (dates, operating systems, network details, etc.).
- Provide your contact details so that we can get in touch with you if needed in your preferred manner.
- Provide detail on how the vulnerability was discovered and can be reproduced, including any tools utilized or relevant code used (again, please ensure that any code submitted is specifically marked and encrypted with our PGP key).
- If any external parties were also notified of the vulnerability, please include this in your submission along with relevant tracking numbers.
- As part of a responsible submission, we ask that we coordinate any external disclosures to ensure that the vulnerabilities are fixed prior to disclosure.
- General submission guidelines:
  - Do not include any sensitive information or screenshots.
  - Do not disrupt products or services of users that are currently in use. Perform all testing in a responsible manner that will not impact product or service operation for users and does not alter or destroy customer data.
  - Do not take advantage of a vulnerability more than is necessary, for example by sharing it with others or creating a backdoor.
What to expect after submission:
NOTICE: Any information shared with Savant is considered non-proprietary and non-confidential and we are able to use this information, in whole or in part, in any manner deemed necessary without restriction. You agree that any information submitted does not create any rights for you, and does not create any obligation for Savant.
- We will acknowledge receipt of the submission by replying to the sender’s preferred method of contact.
- We will notify our security and product teams of the submission and conduct an initial review.
- If necessary, we will arrange time to review the submission and any related details with the sender.
- If necessary, we will coordinate any public communication regarding the submission, including but not limited to:
  - Timing of the announcement (to coincide with a potential resolution to the vulnerability)
  - The nature of the vulnerability/issue
  - The corrective action recommended and/or implemented