Product Security & Disclosure

Vulnerability reporting and security-update support period

Draft — pre-release. This policy is being finalized for the YachtWave Link launch. The security contact address and the support-period end date shown as [placeholders] are confirmed before the product ships. Once live, this page is the published vulnerability-disclosure policy and support-period statement referenced by the UK PSTI and Australian Smart Device Rules declarations.

← Back to Product Compliance

This page applies to the YachtWave Link hardware product (model YLK-1-WIFI) and its device firmware.

Reporting a security vulnerability

We welcome reports of potential security vulnerabilities in YachtWave Link. If you believe you have found a security issue, please contact us:

Email: [email protected]
[Optional: PGP key / fingerprint]

Please include, where you can:

What to expect

Guidelines for researchers

We ask that you give us a reasonable opportunity to address an issue before public disclosure, avoid accessing or modifying other users' data, and avoid actions that could degrade the service or safety of any vessel. We will not pursue legal action against researchers who act in good faith and in accordance with this policy.

Security-update support period

We commit to providing security updates for YachtWave Link (model YLK-1-WIFI) for a defined minimum period from the product's release:

ProductYachtWave Link (YLK-1-WIFI)
Minimum support period[N years from date of purchase]
Security updates provided until[YYYY-MM-DD]

Updates are delivered via [update mechanism — e.g. the companion app / Wi-Fi]. This defined support period is the statement referenced by our UK PSTI Statement of Compliance and Australian declaration.

Device credentials

YachtWave Link does not use a universal default password. Each unit ships with a password that is unique to that device and printed on its label; it is not derivable from public information such as a serial number.