Contact Us

Vulnerability Disclosure

Independent Energy Systems takes the security of its products and services seriously. We welcome reports from customers, security researchers and other parties who believe they have identified a potential security vulnerability affecting an IES product, service or website.

How to report a vulnerability

Please send reports to: vulnerability.reports@iesys.com

Include, where possible:

  • The affected product, service, website or version

  • A description of the vulnerability

  • Steps required to reproduce the issue

  • The potential security impact

  • Supporting screenshots, logs or proof-of-concept information

  • Your contact details

Please do not include customer data, personal information, authentication credentials or information obtained through unnecessary access to systems.

Our response

IES will:

  • Acknowledge receipt within five business days

  • Conduct an initial assessment and advise whether further information is required

  • Provide reasonable progress updates while the vulnerability is being investigated

  • Notify affected customers where remediation or protective action is required

  • Advise the reporter when the issue has been resolved or otherwise closed, where appropriate

Remediation timeframes will depend on the severity, complexity and potential impact of the vulnerability.

Responsible research

When investigating a potential vulnerability, please:

  • Act in good faith

  • Avoid accessing, modifying or deleting data

  • Avoid disrupting services or degrading system availability

  • Avoid privacy violations

  • Stop testing and notify us immediately if sensitive information is encountered

  • Allow IES a reasonable opportunity to investigate and remediate the issue before public disclosure

IES does not currently operate a bug bounty or paid reward program.

Scope

Reports may relate to:

  • IES public website

  • Neo Suite

  • Prophet

  • Security issues affecting IES customer environments where the issue originates from an IES product

Issues affecting third-party products without an IES-specific vulnerability should normally be reported directly to the relevant supplier.