Coordinated Vulnerability Disclosure Policy

A security vulnerability is a weakness that could allow unauthorized access, disruption of service, data exposure, or unintended control of a product or system. Watlow is committed to the security and reliability of our products and services. We welcome reports of potential security vulnerabilities from researchers, customers and partners, and handle them through a coordinated, responsible process.

What’s in Scope

This policy covers security vulnerabilities discovered in:

  • All Watlow products, firmware and embedded software.

  • Companion tools, Application Programming Interfaces (APIs), and configuration utilities.

  • Cloud or mobile applications supporting Watlow devices.

General bugs, feature requests or usability issues should be reported through standard support channels; see Contact Us for details.

Reporting a Vulnerability

If you believe you have found a potential security vulnerability in a Watlow product or service, please use our official reporting channel.

When possible, include:

  • Product name, model, and firmware/software version.

  • Description of the vulnerability.

  • Steps to reproduce or proof-of-concept.

  • Potential impact if exploited.

  • Your contact details, if you require updates or recognition.

See Reporting a Vulnerability for details.

Responding to Reports

For reports submitted in line with this policy, Watlow:

  • Aims to acknowledge receipt within 7 business days.

  • Validates the issue and assesses impact, often in collaboration with the reporter.

  • Develops and prioritizes remediation based on severity and potential safety impact.

  • Coordinates disclosure and releases patches or mitigations, typically within 90 days of validation.

  • Recognizes contributors who request acknowledgement and follow this policy.

  • Engages relevant authorities (for example, CSIRTs, ENISA or CISA) where appropriate.

Coordinated Disclosure and Safe Harbor

We ask that reporters:

  • Do not publicly disclose details before an agreed disclosure timeline.

  • Avoid testing that disrupts services, affects safety or exposes data.

  • Do not access, modify or exfiltrate data that is not their own.

  • Use the official reporting process and act in good faith in compliance with applicable laws.

When these conditions are met, Watlow will not initiate legal action solely for the act of discovering and responsibly reporting a vulnerability under this policy. Malicious, disruptive or unlawful activities are not covered.

See Reporting a Vulnerability for details.

Last update - February 2026