Responsible Disclosure Policy

Last Updated: June 18, 2025

AJA Video Systems, Inc. is committed to ensuring the security of our systems, products, and services. We value the contributions of security researchers and the broader community in helping us identify and address potential vulnerabilities. This policy outlines our guidelines for submitting security vulnerabilities and our commitment to working with you in a responsible manner.

Scope

This policy applies to vulnerabilities discovered in Products designed and manufactured by AJA Video Systems, Inc. We value the security of our customers and the participation of the security community at large.

Our Commitments

If you comply with this policy when reporting a security vulnerability, AJA Video Systems, Inc. commits to:

  • Acknowledgment: We will acknowledge receipt of your report in a timely manner.
  • Assessment: We will make a reasonable effort to assess and address the reported vulnerability promptly.
  • Communication: We will keep you informed of the progress of our investigation and remediation efforts, within reasonable limits.
  • No Legal Action: We will not initiate legal action against you for security research that is conducted in good faith and in compliance with this policy.
  • Public Recognition: With your permission, we may publicly acknowledge your contribution in our security advisories or on a dedicated acknowledgments page.

Your Responsibilities

To participate in our responsible disclosure program, we request that you:

  • Act in Good Faith: Conduct your research ethically and avoid any malicious or destructive activities.
  • Avoid Harm: Do not intentionally disrupt services, systems, or data. Do not attempt to access sensitive information beyond what is necessary to demonstrate the vulnerability.
  • Non-Exploitation: Do not exploit the vulnerability or disclose it publicly before we have had a reasonable opportunity to investigate and address it.
  • Provide Sufficient Information: Submit a clear and concise report that includes:
    • A detailed description of the vulnerability, including the affected system or application.
    • Steps to reproduce the vulnerability.
    • Potential impact of the vulnerability.
    • Your contact information (email address is preferred).
  • Keep Information Confidential: Do not share details about the vulnerability with any third parties until we have provided explicit permission.
  • Respect Our Systems: Do not perform denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks, spamming, social engineering, or any other activities that could negatively impact our users or operations.

How to Report a Vulnerability

Please submit your vulnerability report to security@aja.com.

Our security team will review your report and work to validate and address the vulnerability. We may contact you for further information or clarification.

What We Consider Out of Scope

While we appreciate your efforts, the following are generally considered out of scope for our responsible disclosure program:

  • Vulnerabilities in third-party applications or services that are integrated with our products.
  • Social engineering attacks or issues only exploitable through extensive social engineering.
  • Issues that are already publicly known or have been previously reported, including library or dependency vulnerabilities.
  • Configuration issues or best practice deviations that do not have a direct security impact.
  • Reports from automated tools or scanners without human analysis and a clear explanation of the potential impact.

Legal Considerations

This responsible disclosure policy is not a guarantee that we will not pursue legal action in all circumstances. We reserve the right to investigate and take appropriate action against individuals who do not comply with this policy or who engage in malicious or illegal activities.

Changes to this Policy

AJA Video Systems, Inc. may update this policy from time to time. We encourage you to review it periodically.

Thank you for helping us keep our products and customers secure.

Contact Us

If you have any questions about this policy, please contact us at security@aja.com.