Webinar | Modernizing Asset Inventory: A Smarter Approach to Securing Industrial Environments
Register
Academy
Labs
Careers
Partner Login
Support
Nozomi logo
Platform

Platform Overview

Our industrial cybersecurity solutions deliver unmatched asset intelligence, threat detection and AI-driven insights.

Learn more
MANAGERS
Vantage
Cloud
Central Management Console
On-prem
SENSORS
Guardian
Network
Guardian Air
Wireless
Arc
Endpoint
Arc Embedded
Endpoint
ENHANCEMENTS
Vantage IQ
Asset Intelligence
Threat Intelligence
Smart Polling
TI Expansion Pack
Powered by Mandiant
Integrations

Professional Services

OT and IoT security expertise that speeds solution deployment and maximizes value

Learn more
Solutions
BUSINESS NEED
Asset Inventory Management
Threat Detection & Response
Continuous Network Monitoring
Vulnerability Management
Risk Management
IoT Security
Data Center Cybersecurity
Building Automation System
Cybersecurity
INDUSTRY
Airports
Electric Utilities
Healthcare
Manufacturing
Maritime
Mining
Oil & Gas
Pharmaceutical
Rail
Retail
Smart Cities
Stadiums & Arenas
Water &
Wastewater
PUBLIC SECTOR
Federal Government
State & Local
COMPLIANCE
ISA/IEC 62443 Standards
NERC CIP
NIS2 Directive
SEC Cybersecurity Rules
TSA Security Directives
Partners

Why Partner with Us

Our global partner network deploys OT & IoT cybersecurity solutions for customers around the world.

Learn more

Our Partners

Explore all Nozomi Networks partners

Learn more

Find a Partner

Find a certified Nozomi Networks partner in your country.

Learn more

Partner Portal

Log into the Nozomi Networks partner portal.

Log In
Resources

Resource Library

Browse OT & IoT security research, guides, videos and more from the Nozomi Networks team.

View Resources
RESOURCES
Case Studies
Content Packs
Data Sheets
OT Cyber FAQs
Guides
Research Reports
Solution Briefs
Videos
Webinars
White Papers
Trust Center

Customer Hub

Explore our latest customer resources, including webinars, how-to videos, content packs and more.

View Hub
Blog
Company

About Nozomi Networks

We keep critical infrastructure and operational technology cyber resilient.

Learn more
Leadership Team
Events
Newsroom
Careers
Customer Stories
Contact Us
Request Demo

Vulnerability Disclosure Policy

The goals of Nozomi Networks, Inc. Labs (“Nozomi Networks Labs”) Vulnerability Disclosure policy are two-fold:

  1. protect end users in a timely manner, by ensuring that the vendor is acting promptly on the information provided to resolve the issue; and
  2. ensure that the action is as comprehensive as possible, such that it will fix the vulnerability thoroughly without causing further risks to the end users.

To achieve these goals, Nozomi Networks Labs adopt the following disclosure timeline.

Phase 1: Vendor Notification

Deadline: Day 30

Nozomi Networks Labs will attempt to contact the vendor, either directly or indirectly via a CVE Numbering Authority of Last Resort (CNA-LR).

Nozomi Networks Labs will provide the vendor with a vulnerability advisory report containing an overall description of the issue, an in-depth technical analysis, possible remediation suggestions, and a copy of this vulnerability disclosure policy. Any vulnerability advisory report produced by Nozomi Networks Labs is the property of Nozomi Networks and cannot be reproduced, distributed, transmitted, shared, copied, or modified, without the prior written consent from Nozomi Networks.

The vendor has up to 30 days to reply from the initial disclosure, acknowledging that the issue is under analysis.

Nozomi Networks Labs will attempt to notify the vendor via the established communication channel if they fail to meet this deadline.

Phase 2: Vendor Engagement

Deadline: Day 90

The vendor has to reply within 90 days maximum from the initial disclosure, producing:

  • A technical explanation of how the issue will be addressed; and
  • A timeline for the public disclosure.

Nozomi Networks Labs will attempt to notify the vendor via the established communication channel if they fail to meet this deadline.

Nozomi Networks Labs will review the provided information and, if necessary, start a discussion with the vendor with the aim to reach a mutually-agreed action.

Phase 3: Public Disclosure

Deadline: Day 180

The vendor has to publicly resolve the vulnerability in 180 days maximum from the initial disclosure.

After the vendor has publicly resolved the issue, or after 180 days from the initial disclosure (whichever comes first), Nozomi Networks Labs will release a public notification of the vulnerability and, at discretion, a technical blogpost of the issue.

Timeline Extensions

Nozomi Networks Labs is aware that some vulnerabilities can have profound ramifications on the affected systems. For this reason and on a case-by-case basis, Nozomi Networks Labs may exceptionally agree to a timeline extension upon request by the vendor, provided, however, that the vendor satisfactorily illustrates to Nozomi Networks Labs the technical rationale behind the request.

Early Disclosure

During the interim period prior to the public disclosure, Nozomi Networks Labs will proceed with an early disclosure of the vulnerability only to subscribers of Nozomi Networks’ service. This disclosure will be done in the form of an advisory, containing a high-level description of the issue and some suggested mitigations, and in the form of an update of Nozomi Networks' Threat Intelligence feed, containing one or more strategies to detect the issue. All content will be distributed under the Traffic Light Protocol (TLP):AMBER+STRICT level, to alert such subscriber against any dissemination of the vulnerability ahead of the public disclosure. Nozomi Networks Labs will provide advance notice to the vendor before proceeding with such early disclosure.

At any stage of this process, Nozomi Networks Labs is fully committed to working with vendors to ensure that the technical details and severity of a reported security issue are fully understood. This is accomplished by sharing with the vendor technical information gathered through the research and -- when possible -- a reliable way to reproduce the issue.

If a vendor chooses not to take the actions requested herein and fails to meet the disclosure timeline, or is unable to provide a sound explanation for not meeting the expectations, Nozomi Networks Labs, after 180 days from the initial disclosure, will publish an advisory with limited technical details including mitigations.

In all the cases, Nozomi Networks Labs will formally and publicly release its security advisories.

‍

‍

Privacy

Sub-processor Locations
Confidentiality of Information Sharing of Information Data Under the TLP Protocol
Data Request Policy
Cookie Policy
Nozomi Networks Privacy Policy and Legal Notices

Terms & Conditions

Nozomi Networks Service Level Agreement.
RMA Procedures and Policies
Optimization Agreement
Health Check Agreement
Training Agreement
Fast Track Service Agreement
Workorder Agreement
Hardware as a Service (HaaS) Program Guidelines
Product End User License Agreement
End of Life Policy
Data Protection Agreement (DPA)
Customer Support Terms and Conditions

Business Practices

Vulnerability Disclosure Policy
Code of Ethics and Business Conduct
Anti-Bribery & Anti-Corruption Policy
Global Trade Compliance
Sustainability Policy
Equity, Diversity, and Inclusion Policy

Certifications

AICPA SOC 2 for Service Organizations
Customs Trade Partnership Against Terrorism (CTPAT)
ISO 27001:2022
ISO 9001:2015
Type 2 SOC 3
View our Privacy Policy

Subscribe

LinkedIn

Demo

PLATFORM

Platform OverviewVantageCentral Management ConsoleGuardianGuardian AirArcAsset IntelligenceThreat IntelligenceSmart PollingIntegrationsPSIRT

Professional Services

Professional ServicesDesignated EngineerFast Track ServicesHealth Check ServiceOptimization Service

Solutions: Business needs

Threat Detection & ResponseContinuous Network MonitoringAsset Inventory ManagementRisk & Vulnerability ManagementIoT SecurityData Center Cybersecurity

Solutions: Compliance

NERC CIPNIS2 DirectiveTSA Security Directives

Solutions: Industry

AirportsElectric UtilitiesHealthcareFederal GovernmentManufacturingMaritimeMiningOil & GasPharmaceuticalRailRetailSmart CitiesWater & Wastewater

Learn

AcademyCareersCompanyCustomer StoriesContact UsPartnersResourcesLabsLegalTrust Center
LinkedIn logo
© 2025 Nozomi Networks Inc. All Rights Reserved. Privacy Policy and Certifications. System Status.