-
English (US)
Choose your country or region:
Europe
Asia - Australasia
Middle East - Africa
Water quality is something we take very seriously at Hach®. By developing reliable, easy-to-use solutions, as well as providing you with access to knowledgeable expertise and support, Hach is helping to ensure water quality across the globe. To achieve this, we uphold core values that define our responsibility to those we serve. Among them: an unwavering commitment to the safety and security of our customers. Therefore, we believe in continuous improvement to address the ever-evolving privacy and cybersecurity landscape.
In response to potential threats to cybersecurity, Hach has formed a global product security team to assess vulnerabilities and determine responses within a coordinated vulnerability disclosure (CVD) process. These efforts allow the company to continually learn from vulnerability test information submitted to us by customers and security researchers.
This CVD process applies to the reporting of potential cybersecurity vulnerabilities in Hach products and services.
For customer support help requests, technical documents and regulatory contacts and notifications, please contact Support.
Potential security vulnerabilities or privacy issues with a Hach product should be reported to: productsecurity@hach.com using the PGP public key . We ask that you please refrain from including sensitive information (e.g., sample information, PII, usernames, passwords, etc.) as a part of any submissions to Hach. Please provide the following information in your submission:
Your contact information (e.g., name, address, phone number and email)
Date and method of discovery
Description of potential vulnerability
Product name
Version number
Configuration detail
Steps to reproduce
Tools and methods
Exploitation code
Privileges required
Results or impact
Upon receipt of a potential product vulnerability submission, Hach will:
Acknowledge receipt of the submission promptly, typically within five (5) business days
Work with specialized product teams to evaluate and validate reported findings
Contact the submitter to request additional information, if needed
Take appropriate action
Hach considers it a top priority to protect the security and safety, as well as the personal information, of our customers.
When conducting your security research, please avoid actions that could cause harm to you, other customers or products. Note that vulnerability testing could negatively impact a product. As such, testing should not be conducted on active products in a productive environment, and products subjected to security testing should not subsequently be used in a productive environment. If there is any doubt, please contact a Hach representative.
Hach reserves the right to modify its coordinated vulnerability disclosure process at any time, without notice, and to make exceptions to it on a case-by-case basis. No particular level of response is guaranteed. However, if a vulnerability is verified, we will attribute recognition to the researcher reporting it, if requested
CAUTION: Do not include sensitive information (e.g., sample information, PII, usernames, password, etc.) in any document submitted to Hach. Comply with all laws and regulations in the course of your testing activities.
By contacting Hach, you agree that the information you provide will be governed by our site's Privacy Policy and Online Terms of Use.
Note: When sharing any information with Hach, you agree that the information you submit will be considered non-proprietary and non-confidential and that Hach is allowed to use such information in any manner, in whole or in part, without any restriction.