Vulnerability Reporting

What is this about?

Kaman is committed to protecting the security of its customer, employee and company data.  We want to hear about security vulnerabilities in any of our products or sites.  A "security vulnerability" is defined as an issue that causes a breach of confidentiality, integrity, or availability of the product, service or data, or applies to personal data (privately identifiable information) being stored or processed in a way that is not compliant with regulations.

How to report a security vulnerability

Please submit your report by e-mail to security@kaman.com.  Please note that by submitting us a vulnerability report, you grant us a perpetual, worldwide, royalty-free, irrevocable and non-exclusive license and right, to use, modify, and incorporate your submission or any parts thereof into our products, services, or test systems without any further obligations or notices to you.

In your report, please describe, at least:

  • What you found;
  • Where exactly did you find it and steps to reproduce?

Example: If the attack relates to a specific URI and a specific parameter, please provide that information in detail.

Example: If you are performing fuzzing activities, please provide us with additional information especially the initial corpus you used.

  • If the vulnerability applies to a service, date and time (UTC) when you could reproduce the vulnerability (we may have deployed a new version since then);
  • If the vulnerability applies to a client, provide the client version number, and on which platform the client is running.

We would be thankful for any further relevant technical information that you may have, especially if reproduction is tricky.