ETC’s products provide reliable, secure control of lighting systems from theme parks, to stadia, to major live shows. We take the stability and security of our systems as matter of key importance. This page outlines our commitment to security, our policies
and how to report security defects in our products.
Security Policy
Our aim is to deliver a system with an appropriate level of security to the circumstances of the installation. Security is delivered through a combination of product development and system design.
Selected ETC products are certified by the IoXT alliance (https://www.ioxtalliance.org/)
End of Life Policy
For software-based, IP connected products ETC will provide security and feature updates during the product lifecycle. The lifecycle stage of a product can be determined by its positioning on ETC’s website. When an ETC product reaches its end of life,
the information shall be distributed by press release; and the product details will be moved to the “Legacy Products” section of the ETC website.
End of life indicates that a product is no longer supported with security updates (this may be different to the discontinuation of shipping of a product). ETC will provide at least a 1-year notice for end of life of a product.
Vulnerability Disclosure Program & Response Policy
ETC welcomes submissions of security issues in our products via the form below. Timely identification of security vulnerabilities is critical to eliminating potential threats. We welcome reports from independent researchers, industry organizations, vendors,
customers, and others concerned with product or network security, and we are committed to responsible disclosure.
ETC accepts reports of product vulnerabilities via [this form]. Once a vulnerability is reported, ETC will:
- Confirm receipt of the vulnerability report to the submitter within 3 business days. The submitter will be provided with a point of contact within ETC regarding the report.
- Triage the report. The triage process is carried out by ETCs Product Security Incident Report Team (PSIRT), led by the product manager for the products to which the vulnerability applies
- Verify the vulnerability exists, and assess impact
- If the vulnerability is valid, record the defect as a product issue
- Once the vulnerability is resolved and the resolution is tested, ETC will publish the vulnerability details and resolution within our standard product software release notes
- For OEM products (i.e. products over which ETC does not have complete control of software development), ETC will work with the OEM product vendor to resolve defects and provide feedback.
Vulnerability Disclosure Form