Reporting security issues
Skullcandy takes security seriously. If you believe you have discovered a vulnerability on Skullcandy owned websites or mobile or desktop applications made by Skullcandy, or have a security incident to report, please email us at security.issues@skullcandy.com
What we would like from you
Please write reports in English whenever possible and provide a detailed technical description of the steps required to reproduce the vulnerability, including a description of any tools needed to identify or exploit the vulnerability. Images, screen captures, and other documents may be attached to reports. Reports may include proof-of-concept code that demonstrates exploitation of the vulnerability. Please embed into non-executable file types any scripts or exploit code shared.
Skullcandy is committed to correcting vulnerabilities. However, we recognize that disclosing vulnerabilities in the absence of immediate corrective action can increase risk to our customers. To protect our customers, Skullcandy requests that you do not share any information about a potential vulnerability in any public setting until Skullcandy has addressed the reported vulnerability, and informed customers if necessary. Skullcandy also requests that you do not share any data belonging to our customers.
What you can expect from us
We will acknowledge that your report has been received (generally within 5 business days).
We will maintain an open dialogue to discuss issues.
We will handle your report confidentially and will not share personal details with third parties without your consent, unless obliged to do so pursuant to a statutory provision or a legal ruling.
In the event of a Skullcandy security breach and as appropriate, this page would be ammended to include information about any such instance herein.
Questions
Questions regarding this policy may be sent to security.issues@skullcandy.com