This document outlines the Cyber Matterz disclosure policy as it relates to vulnerabilities identified by Cyber Matterz staff in the course of company-sponsored research. Upon identification of a security vulnerability, Cyber Matterz will attempt to contact the appropriate product vendor by email and telephone. Fifteen days (15) days after notification to the product vendor, Cyber Matterz will report the vulnerability to the Carnegie Mellon Computer Emergency Response Team (CERT), whether or not the product vendor has responded to Cyber Matterz. Based on CERT’s disclosure policy, CERT will publish an advisory related to the vulnerability for approximately forty-five (45) days (more or less depending on extenuating circumstances) to the general public. At this time, Cyber Matterz may provide our customers with product updates to detect and remediate this vulnerability.