Tivoli Audio Security Vulnerability Reporting
Vulnerability Disclosure Policy
At Tivoli Audio, security is, and always will be, our top priority. We have established a security vulnerability reporting program for researchers and members of the public to report any security concerns to Tivoli Audio so they may be investigated and addressed in a timely and effective manner. This policy is based on and references techniques used in ISO/IEC 29147.
Scope
This policy applies to:
- All official Tivoli Audio websites and subdomains: tivoliaudio.com, tivoliaudio.eu, tivoliaudio.jp, tivoliaudio.au, and other regional variations.
- Tivoli Audio mobile applications (iOS and Android)
- Tivoli Audio hardware and embedded software, including connected and Bluetooth-enabled devices
This policy does not cover:
- Third-party platforms or services not managed by Tivoli Audio
- Physical or social engineering attacks, spam, denial-of-service (DoS) or resource exhaustion attacks
Security Support Period
Tivoli Audio is committed to the safety and longevity of our products. We will provide security updates for all Tivoli Audio hardware and embedded software for a minimum of two (2) years from the date the product is last sold by Tivoli Audio or its authorized resellers.
- Should we extend the period of support for any product, we will publish this updated support period as soon as practicable. This information is:
  - Publicly accessible without request.
  - Available free of charge.
  - In English.
  - Accessible without the need to provide personal information.
  - Written clearly for readers without technical expertise.
Guidelines for Reports
If you believe you have detected a vulnerability or risk to a Tivoli Audio product, service, or platform, please contact us at security@tivoliaudio.com.
To help us investigate, please include as much detail as possible, including:
- A clear description of the vulnerability
- Affected products, platforms, or services
What You Can Expect From Us
When you submit a valid vulnerability report, you can expect the following:
- Acknowledgement of your report within 5 business days
- Ongoing updates on our investigation status
- Coordination on disclosure timelines (we aim to resolve verified vulnerabilities within 90 days)
- Notification when the issue has been resolved
Acknowledgments
We deeply appreciate responsible disclosures and may, with your consent, publicly acknowledge your contribution on our website or in a security advisory. While we do not currently operate a bug bounty program, we are open to highlighting the efforts of those who help improve the safety and security of our systems.
Legal Issues & Protections
Tivoli Audio will not pursue legal action against researchers and members of the public who:
- Act in good faith and comply with this policy
- Avoid accessing, modifying, or deleting data
- Avoid service disruptions
- Provide us a reasonable opportunity to investigate and address the issue before making it public
We consider your activities authorized under applicable laws, and we support safe and responsible research that helps strengthen our systems.