Vulnerability Reporting and Milestone Commitment 

Milestone appreciates and encourages efforts made by researchers in identifying and reporting vulnerabilities for Milestone products and services. By following the vulnerability-disclosure process described in this policy, Milestone’s Product Security Team will, to the best of our abilities, respect the researcher’s interests through mutual transparency and collaboration throughout the disclosure process. 

Milestone expects researchers not to disclose identified vulnerabilities until at least 90 days after the vulnerability has been communicated to Milestone, or, alternatively, not before a mutually agreed date. Milestone also expects vulnerability researchers to perform their research within legal boundaries that would not cause harm, expose privacy, or in general compromise the safety of Milestone, our partners and customers.