The nature of our technology means that, from time to time, we need to demonstrate potential weaknesses in a manufacture’s product security. Essentially, we are doing a form of penetration testing that most product companies welcome if done in an ethical manner. For example, we may need to demonstrate that a smart lock has a weakness to a given method of attack. LEVL strives to maintain the highest level of ethical behavior around this type of “ethical hacking”. It is our desire to point out security flaws of a given technology, for example, Bluetooth Low-Energy, not to point out the flaws of a given product. As such we have put in place a set of operational guidelines for our ethical hacking activities.
Keep private and confidential personally identifiable information that may be exposed through our efforts. Furthermore, destroy and do not hold any of this information.
Inform any product manufacturer of any previously unknown or undocumented breaches that we discover. Disclosure will be done via that company’s ethical disclosure. mechanism and will allow the company at least 30 days to respond before publishing.
Protect the intellectual property of others by relying on our own innovation and efforts, thus ensuring that all benefits vest with its originator.
When possible, avoid disclosing step by step directions of how to perform an attack
We will never knowingly use software or process that is obtained or retained either illegally or unethically.
We will not associate with malicious hackers nor engage in any malicious activities.
We will ensure all penetration testing activities are authorized and within legal limits.
If hiring an outside contractor as an ethical hacker, we will attempt to obligate that hacker to follow these same policies.