Terms menu

Vulnerable Things - Reporter Terms and Conditions

Version 1.0, Effective from 22 June 2020. (View previous versions).

Please note: These terms apply to Reporters only. If you are registering to use the Vulnerable Things platform as a provider (Industry Member) of Internet-connected consumer products (Things) in order to receive reports of any weakness of software, hardware, or online service that can be exploited (Vulnerability) in relation to Things, please see our Industry Member Terms & Conditions instead.

1. About us: Techworkshub Ltd (t/a IoT Security Foundation) (company number SC170059) (we/us/our) is a company registered in Scotland and our registered office is at 1 George Square, Glasgow, Scotland, G2 1AL.

2. Our contract with you: These terms apply to the person (you/your) that has registered to access and use the Vulnerable Things Vulnerability disclosure platform (Platform) for the purposes of reporting Vulnerabilities in relation to Things (Reports). You may be an ethical hacker, security researcher, user of Things or a member of the public and, as such, may either be a ‘consumer’ or a ‘trader’ under the UK Consumer Rights Act 2015 (CRA 2015). If you are a consumer, nothing in these terms affects your statutory rights, but otherwise, these terms apply to the exclusion of any other terms and conditions which are implied by law. These terms represent the entire agreement between you and us in relation to the Platform and submission of Reports and you acknowledge that you have not relied on any statement or promise that is not set out in these terms. The agreement between us as set out in these terms will be referred to as this agreement.

3. Vulnerability disclosure policy: In addition to these terms, you agree to comply with our Vulnerability Disclosure Policy, available at [/terms/policies/vulnerability-disclosure-policy/].

4. Your account: If you choose, or are provided with, a username, password, or any other piece of information as part of our security procedures, you must treat such information as confidential. We have the right to disable access to any account if we reasonably believe that you have shared your details with anyone else or that your account has been compromised. If you know or suspect that anyone other than you knows your details, you must promptly notify us at [email protected].

5. Your promises: You promise that: (i) the lawful use by us and our Industry Members of any data, information or other materials included in or provided together with your Reports will not infringe the intellectual property rights or other rights of any third party; and (ii) you will comply with all applicable laws in relation to your use of the Platform and any Reports you submit through the Platform.

6. Independent legal advice: You are advised to seek independent legal advice before taking any action in relation to identifying a Vulnerability which could constitute a criminal offence. We do not promote or encourage any illegal activity. You can find further information about the types of offences under the UK Computer Misuse Act 1990 and how they are prosecuted on the Crown Prosecution Service website.

7. Rewards: We do not pay any bounties, rewards or other compensation (Reward) in relation to Reports. When you make a Report, Industry Members may, at their sole discretion, offer you a Reward. Any such Reward is the subject of a separate transaction between you and the Industry Member. We do not operate any kind of escrow account service. We are not responsible for any failure or delay by any Industry Member to pay you a Reward or any of their other acts or omissions.

8. Intellectual property rights in the Platform: All intellectual property rights in and to the Platform are owned by us or our licensors. Except as set out in these terms, we do not grant you any right in or to any intellectual property rights (including but not limited to copyright, database right, patents or trade mark, in each case whether registered or unregistered) or any other rights or licences in respect of the Platform.

9. Intellectual property rights in Reports: We do not claim ownership of any Reports or the data, information or materials included in them or provided together with them. When you submit a Report via the Platform, you grant to us (and through us, the relevant Industry Member) a fully paid-up, non-exclusive, royalty-free, transferable licence to copy, use and disclose your Reports to the relevant Industry Member and for any purpose in connection with our operation of the Platform.

10. Independent parties: You agree that you are acting as an entirely independent party in relation to your use of our System. Under no circumstances will you become our employee and you will not hold yourself out as being our employee at any time.

11. Our liability to you:

11.1 Nothing in this agreement excludes or limits any liability which cannot legally be excluded or limited by us.

11.2 Subject to clause 11.1:, (a) if you are a ‘consumer’ under the CRA 2015, we will not be liable to you for any business losses, and any liability we do not for losses you incur are strictly limited to losses that were reasonably foreseeable; or (b) if you are a ‘trader’ under the CRA 2015, we will not be liable to you for damages, losses or other liabilities arising out of your use of the Platform, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising under or in connection with this agreement for: (i) loss of profits; (ii) loss of sales or business; (iii) loss of agreements or contracts; (iv) loss of anticipated savings; (v) loss of use or corruption of software, data or information; (vi) loss of or damage to goodwill or reputation; or (vii) any indirect or consequential loss.

11.3 Subject to clauses 11.1 and 11.2, our total liability to you arising under or in connection with this agreement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, will be limited to £500.

11.4 This clause 11 will survive termination of this agreement.

12. Suspension and termination: Without limiting our other rights or remedies, we may suspend or terminate your access to the Platform or this agreement with immediate effect by giving written notice to you if you: (a) materially breach any of these terms and, if such breach can be remedied, you have failed to do so within seven days of us giving you written notice of such breach; (b) use the Platform to display, transmit or store any Prohibited Content; (c) use the Platform for any purposes which are deceptive, fraudulent, illegal or unlawful; or (d) use the Platform in any way which may put us in breach of our contractual or other obligations owned to any other person.

In this clause, Prohibited Content means any: (a) material which infringes the rights (including intellectual property and privacy rights) of any other person or could result in legal action being taken against us or any other person; or (b) messages or communications which are abusive, indecent or offensive, or which are likely to cause annoyance, anxiety or inconvenience to another person or constitute spam or unsolicited mail

  1. Communications between us: When we refer to written or in writing in this agreement, this includes email. Any notice required to be given under or in connection with our agreement must be made by email and such emails will be deemed received at 9am the next working day after transmission. You may send emails to us at [email protected]. We may send emails to you using the email address associated with your account and if this changes, you must promptly notify us. The provisions of this clause will not apply to the service of any proceedings or other documents in any legal action.

14. Assignment and transfer: We may assign or transfer any of our rights and obligations under these terms and will give you written notice if this occurs. You may not assign or transfer your rights and obligations under these terms to any other person or entity without our prior written consent (such consent not to be unreasonably withheld or delayed).

15. Variation: We may need to make changes to these terms occasionally, to reflect any changes to our Platform or legal requirements. We’ll notify you of any important changes on our Platform or by email before they take effect.

16. Waiver: If we do not insist that you perform any of your obligations under this agreement, or if we do not enforce our rights against you, or if we delay in doing so, that will not mean that we have waived our rights against you or that you do not have to comply with those obligations. If we do waive any rights, we will only do so in writing, and that will not mean that we will automatically waive any right related to any later default by you.

17. Severance: Each provision of these terms operates separately. If any court or relevant authority decides that any of them is unlawful or unenforceable, the remaining provisions will remain in full force and effect.

18. Third party rights: This agreement is between you and us. No other person has any rights to enforce any of its terms.

19. Governing law and jurisdiction: The agreement as set out in these Terms is governed by the laws of England and Wales and we each irrevocably agree to submit all disputes arising out of or in connection with this agreement to the exclusive jurisdiction of the [English/Scottish] courts (except that we may recover any amounts owed to us through the courts of any relevant jurisdiction).