Coordinated Vulnerability Disclosure (CVD) Policy
CRA Annex I Part II §5 · ISO/IEC 29147:2018
Axiomtek follows Coordinated Vulnerability Disclosure principles. We commit to acknowledging receipt of vulnerability reports within 2 business days (48 hours). Disclosure timelines are agreed upon with reporters in accordance with ISO/IEC 29147 principles.
How to Report a Vulnerability
CRA Art.13 §6 · Art.13 §17
Safe Harbor Legal Protection: Reporters who act in good faith and follow our responsible disclosure guidelines will not face legal action.
Reporting Obligations
CRA Article 14 · ENISA SRP
As required by the EU Cyber Resilience Act (effective 11 September 2026), Axiomtek reports actively exploited vulnerabilities and severe incidents to ENISA via the Single Reporting Platform:
Initial submission to ENISA within 24 hours of becoming aware of any actively exploited vulnerability or severe incident.
Formal notification providing further technical assessments, vulnerability characteristics, and initial remediation steps.
Detailed closure report submitted within 14 days for vulnerabilities or 1 month for incidents, specifying corrective measures and resolution details.