Background

Supreme Imports Ltd (Supreme) develops and provides certain consumer products that allow internet and/or digital connectivity. This includes certain of its smart lighting products.

Supreme is committed to ensuring the safety and security of our products. As part of this commitment, we’ve established a vulnerability policy to provide guidance for our smart products and systems.

Supreme actively seeks to identify and reduce potential vulnerabilities, but we also value input from our customers on actual or potential vulnerabilities they may discover.

Submitting a Report

If you have, or you believe you have, discovered a vulnerability in a Supreme smart product or service, please complete the form here.

If submitting a report please provide as detailed a summary of the vulnerability as you can, including:

• Type of issue: The product, version, and (if known) software containing the bug or vulnerability, and if known, step-by-step instructions to reproduce the issue.
• Impact of the issue, including any suggested mitigation or remediation actions, as appropriate.

What You Can Expect From Supreme

We take every report seriously and appreciate your efforts. We will strive to investigate every report to seek to ensure that appropriate steps are taken.

Within seven business days, we will acknowledge receipt of your report.

Please bear in mind, we may contact you for further information. To the best of our ability, we will also provide status updates, as appropriate, as remediation of the vulnerability progresses.

Unless you request and we agree otherwise, Supreme will communicate with you, the reporter, via e-mail. Your contact information and other potential personal information will be handled in accordance with our Privacy policy.

Legal

As part of submitting any report, we expect you to:

• comply with all laws in connection with your use of the product, your activities or your participation in this vulnerability disclosure program;
• keep information about the potential vulnerability and about Supreme confidential between yourself and Supreme until we have a remedy in place or make the applicable information public, and not to use any of Supreme’s information or intellectual property for commercial or business purposes; and
• not engage in any security research or vulnerability or threat disclosure activity that is inconsistent with this policy or the law, and not to represent any service or work provided by you is approved or endorsed by Supreme.

We thank you in advance for your efforts in supporting the security of our products and services.