KORE Responsible Disclosure Policy

KORE Responsible Disclosure Policy

Introduction

If you have discovered a vulnerability in a system, network, or application of the KORE Group (which includes the parent entity and all affiliates and subsidiaries), we would like to know about it so we can take appropriate action to remediate the issue as soon as possible. We will outline the rules of engagement below, which both KORE and you must follow. 

Policy

At KORE we take information security very seriously. We understand no system can ever be fully secure and therefore we always keep in mind that vulnerabilities may exist in our systems. Because we consider the confidentiality and integrity of our customer information a top priority, we would like you to notify us in case a vulnerability has been identified within our systems.

Our Responsible Disclosure Policy consists of a set of rules that both KORE and the person reporting the vulnerability should adhere to. Please note that KORE does not have a so-called “bug bounty program” by which it may provide (high amounts of) financial rewards to the identifier of a vulnerability.

What will KORE do?

  • We will always investigate and respond to every notification.
  • We will respond to a notification within 3 working days and we will treat the finder’s personal information as confidential.
  • If we confirm the existence of a vulnerability, then we will keep the finder informed about the reasonable timeframe within which we wish to resolve the issue.
  • If we decide to make the vulnerability public, then we will consult the person who found the vulnerability. We will provide public recognition to the finder if the finder appreciates this.
  • If this policy is adhered to, then KORE will refrain from reporting (attempted) hacking activities to the police.

What we require of you

  • You will report the identified vulnerability exclusively to KORE and therefore not to any 3rd party.
  • Your report should contain as much information as possible to enable the identification of the vulnerability. This information includes, among others: IP-Addresses, Log files, URLs, timestamps, screenshots, etc.
  • You will see to it that your actions during and after the process of identifying vulnerabilities will all be made in good faith, meaning you will:
    • Not use or exploit the vulnerability for any other purpose than to verify the existence of the vulnerability;
    • Not copy, change, move or remove any information from the relevant system;
    • Will not make any changes to the relevant system itself; and
    • Will not, in any way or form, provide or help provide access to the relevant system.
  • The finder may report the identified vulnerability anonymously. However, for the purposes of follow-up communication, we will need a valid email address of yours.

How to report?

To be able to report an identified vulnerability in any of our systems to us, you should contact security@korewireless.com. To safeguard the confidentiality and integrity of the information we would like you to encrypt the information. Our public key is listed below or can be retrieved from usual PGP key servers. Our key ID is 1BAF317C, 4096 bits RSA, created on 2019-05-03, expires 2027-07-02, with key fingerprint:Key fingerprint = 7E080B7582A490431019B4B2FF842ABC1BAF317C

The easiest way to retrieve our key:gpg --recv-keys 1BAF317C

Below is our public key:-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFzMNn0BEAC4OwqIhJ2DPPexNISn9pnQ9pHkIk90N0aszpQAFtwCqEYGobDR
GebY2NIGbmGGPUs8UEZk/B2/AtXuw4Pc0w2YGTkB9M3whI/0pgV1NHQH7ICI8aRr
xKG9/IYJpbCRqBtOALzP7O1MqODgw7hf2h6caKb6JWuBVE2+ukei2VaIcM3cXzT4
akUGaxJTihaNxyVYr+E43E2oJRTZrD5tlzZ9axo3j8Ri0AnNJYOM51zpHiWHoUo/
ZO7+b84XpVu1kNYgFMkirsxxHWFmxpENUd5ktk0dnyiZxABZFmiVA9mMmPFAI5Rn
oJXi0ToUUieKFJyOx7V1AGthRcQxJDfD7NJCkDiQRQTQIEP0O+hinxJy6JyaSyYi
+2Yrpe4OREkReUODdECA/QuVOlyw0SnLdSfJIrtgiba7yaEelP3zhhCZL8d4vlnf
KxDYoD7XsJo/A+SvSQ/qHaJOeLM6u5sIarYrzqkL1a57+waYzMLESgLpxpFiUe/O
cHRt0sAuT9MGdIf99zjXTifsJUvARlxmvHDlWTze4Fk/hJgyeXZfXPBY1KDgqtFq
UJenhjE2tXEiyLQqQRxBmE4QmWBL9kA/pM+UkaoN8zAnhsnp9yCFCk6e5PYZkIQw
cwCYGgSBdAW3Ecu1Ue6+AjB7th8gZDo4FXHaT9qXTXCBmHNXZcio88gxuwARAQAB
tClLT1JFIFNlY3VyaXR5IDxzZWN1cml0eUBrb3Jld2lyZWxlc3MuY29tPokCVAQT
AQgAPhYhBH4IC3WCpJBDEBm0sv+EKrwbrzF8BQJczDZ9AhsDBQkJaH8jBQsJCAcC
BhUKCQgLAgQWAgMBAh4BAheAAAoJEP+EKrwbrzF8XPcP/0nJsia2ruSqejzNvHOc
F78jx6QVNDLxBQYEis7HZ7O80XByxzvN9yZqUxLwjHvkJC6N3f6wYZcRn89VXRrt
ea3Xqutcv5zH4DmtCMHc9HxT4ylEt+tQMsw+3wrm6LQ21QWeHaTSkiafCE8KE6mh
UrYOGjewLSWt5PtN+kaZhgmxl5Jmg+v0uathDcAW5syZ6HEfD5O4B66OiLmE4FvO
Jq//5lrKEv+COFlnGVIPJCuTus04sryJuOqU7qg5v+G9vbS+PH5cfNUZcPuPjAzY
BMiLqtodfsC3nesaE0k2EmZOpt3aCJzc4eI8BEqbwWT491hgd27KSQgprNYgCtuB
oKX24YpYsYJjkp/PopjEypEE1bqm34pFyP6+FBMQthAZBf8t3zLQAenLboIKQhOL
b/RQQws50bWEXktOmFcK+LOR1ucliswWfv3lYOc1ihe51WywtP8pfirzyVSlkfS9
dQQvxMcX6+tCmk2dmy/tkwbXQOASTZUdCZhel494wCEpEQpdhgD3NmzGaqUvhCWk
MMAG5kcecTqgcxF6LnHWgXP+InOglXzwe6jGe9RJ+GfNKKZ4k0YsdmZtkgS9yKkp
NbBaWsJxe6RCFLr0ljffQFCR/rsIgeUBtTj306hCQP7+mNTStFuJ1eY1tmflMm5R
R2Bxe/mxajiz/v7XosDIryzsuQINBFzMNn0BEACgdHw/6DEoUNu1068UL8+G7g0z
KUNIFN7VsI98R+0kaNr9MeW14YPaT6SiC+Z9KcwFzTDmNVI+bUHrAv+T1kAivOHg
FWKnHJ8dfxKYxPZYiFd6NZtltyYF5o11xUijUI6l+Uj3EkFQBgrUNR4IAWq3IJcX
5HzVBLTMWBP5W5NmenL5MyXIwCapODoajGHC25xlAzC66C6ggX3fosm8oJ71ZIKD
zsgzb0LaPdzHhd7nkgJ/EBKIVeNZSGsN3lff1L9ry0fNkmkOE4/PP6CptcwQN9We
UcG7UOVntbdhASD1f5gU/Oc7VaUvg6Dwxh2mUmvHvd1y0VAPa+yQEDRNv7ZMr4Z2
/Tgh0Ecsv8Pn596keF1BxHesOOCqfk3iFRMkaHpGFh+zAZeBY8emJHRQGfjVXI2g
1sJZYP3FQrKrbItZJXD966dVTzAnk9HPcRJ63e/tc6Dl/rWyAhP8hxB3uDl0BnbC
ZEAauxtlm/ABKK98YHf7deEbgFp3SbI/FgUqUBsoMCLAG1QkYdI8Ns0gSQBtfV1W
GiOQ45X/rnsWnWHRLpSEIzsw/AmTA4FylQxseidFz8vNeLSZ0qlAPMOhieYSrDJn
dJEiKCy8NiUGVIYeCceJPQkj/WTFGs26KvCX0k769nzWuUTScBWACPDvPS3hvFva
YY9313FA/TWAQM2M7wARAQABiQI8BBgBCAAmFiEEfggLdYKkkEMQGbSy/4QqvBuv
MXwFAlzMNn0CGwwFCQlofyMACgkQ/4QqvBuvMXxFzw//ZgbkHsyHza3Bm73Q3hs0
u5sx3Ua1UzNehuW+q7ssIZWyU6Mm4NbDBcgjLnp1Y7tvwwE3VNlQ7diSInhku25f
avC6N0lZHS/0tniZfySp7H01Bke8lbFHKVVNYIRmtNKJyebgZqRoSh8fREJGS7pe
WuCG+mPFwhXauROHR5U1bhLGBO+itBRZBuYU2sPcyE43PWZlJzWHGtKiiQOyb68r
BXuAaZMWHWzf7bKimkIvNYeD5o6oGPHftCC/AJ6dNwaRgrz2H/lJAAZKLtxABzxF
oi8+0yR1T+vDmtxUkMdIeSJzahSayR8Mr5XjKZHvgwH9THVha+gYWVAWXyDxs5+2
HRbd4/hjl7rskrvNPubyuXeD9qwSsTty5z3F2OKjgXIO+G0xajk8Qo70s7UnQfLS
YgvQN15yJDaIWaRASPqwLF+2oMG619hDpoKBZyqdk7NnehdlSjXvLVusfsMKRadz
5bViyBPj7GDqzlJgkCL4E8L1SsCSzYgfeZKyNDG0BRoBBgPGZw5gbLEB4lalzwAr
e7uNtIf3kZwyWY0T7LqyZ/rKAyGVt8SQbDMVf9/tUGyHTCqQJhFAL0dAWy5nijba
kmX/uzLLhlV//Dp6NYfvFGhSeMIrA/Us+t9hEsFt/KeM7q1zAlBt+KBVVLHhuoQ1
6dx15Z8BEr9XTddw65R7HKg=
=/ZV6
-----END PGP PUBLIC KEY BLOCK-----

When you do not adhere to the rules of engagement

In case you hack one of our systems and you do not adhere to the rules of engagement as outlined in this procedure, then KORE will always report the incident to the Police.

WORK IN ACTION

KORE Streamlining Connectivity for IoT Solutions Enabling Growth for Utodas

Overview Utodas (Up To Date Stock) is a designer, producer, and service provider of sensors and remote monitoring IoT devices for tanks and siloes. Since 2005, Utodas has been a…

Enterprise Mobility Meets Compassion: Curbing Substance Abuse Through Remote Monitoring

The opioid epidemic continues to present significant challenges to public health, with nearly 87,000 drug overdose fatalities recorded in 2024. And while this marks a decline from previous years, some…

Global IoT Connectivity Powering Smart Agriculture Solutions

Smart agriculture, also known as smart farming, is an area of IoT that relies on wireless connectivity to help farmers maximize crop yields, lower costs, and reduce environmental impacts. Smart…

Smart Hydrants, Smarter Cities: How an Industry Leader and Kore Are Revolutionizing Water Infrastructure With IoT

A leading North American manufacturer and service provider in the water infrastructure industry has built a strong reputation with a comprehensive portfolio that includes engineered valves, fire hydrants, metering products,…

Meeting Occupational Health & Safety Regulations While Increasing Productivity and Reducing Costs in Fleet Management

To implement an M2M fleet tracking system, combining cellular and satellite connectivity to offer maximum network coverage at a cost effective rate is challenging. The system must incorporate compliance of…

IoT-powered Remote Asset Monitoring

Remote asset monitoring is an area of IoT that relies on wireless connectivity to help companies monitor connected assets to optimize their efficiency and effectiveness. With IoT-powered remote asset monitoring,…

Reliable Connectivity for Waste Container Management

Smart waste container management powered by IoT relies on wireless connectivity to help waste management companies craft data-driven, eco-friendly waste collection services. In countries across Europe, connected containers are the…

Infallible Connectivity to Support Healthcare IoT

Healthcare IoT is an area of IoT that relies on wireless connectivity to help companies create cost-effective, patient-centered IoT solutions that enable governments to ease pressure on healthcare institutions and…

IoT Solutions Enable Operational Transformation

TRACKER is the United Kingdom’s number one supplier of Stolen Vehicle Recovery (SVR) and telematics services to retail and business customers. With over a million, market-leading security and award-winning telematics…

ThingTech Partners with KORE to Streamline IoT Offerings

Whether it’s GPS tracking and geofencing for insight into how and where construction equipment moves or telematics for fleet management to support Electronic Logging Device compliance, ThingTech is an innovative…

What’s next?

Made it to the bottom but still have questions?
Don’t worry, we’re just a click away. Reach out, and let’s get connected!