Product Security & Disclosure
Vulnerability reporting and security-update support period
This page applies to the YachtWave Link hardware product (model YLK-1-WIFI) and its device firmware.
Reporting a security vulnerability
We welcome reports of potential security vulnerabilities in YachtWave Link. If you believe you have found a security issue, please contact us:
Email: [email protected]
[Optional: PGP key / fingerprint]
Please include, where you can:
- The product model and firmware version affected.
- A description of the issue and its potential impact.
- Steps to reproduce, and any proof-of-concept details.
What to expect
- Acknowledgement of your report within [N] business days.
- Status updates as we investigate and, where needed, develop a fix.
- Resolution and coordinated disclosure once a remedy is available.
Guidelines for researchers
We ask that you give us a reasonable opportunity to address an issue before public disclosure, avoid accessing or modifying other users' data, and avoid actions that could degrade the service or safety of any vessel. We will not pursue legal action against researchers who act in good faith and in accordance with this policy.
Security-update support period
We commit to providing security updates for YachtWave Link (model YLK-1-WIFI) for a defined minimum period from the product's release:
| Product | YachtWave Link (YLK-1-WIFI) |
|---|---|
| Minimum support period | [N years from date of purchase] |
| Security updates provided until | [YYYY-MM-DD] |
Updates are delivered via [update mechanism — e.g. the companion app / Wi-Fi]. This defined support period is the statement referenced by our UK PSTI Statement of Compliance and Australian declaration.
Device credentials
YachtWave Link does not use a universal default password. Each unit ships with a password that is unique to that device and printed on its label; it is not derivable from public information such as a serial number.