Mueller Water Products Vulnerability Disclosure Program

Introduction

Mueller Water Products looks forward to working with the security community to find vulnerabilities in order to keep our businesses and customers safe.

Program Highlights

Open Scope Accepts reports for all owned assets based on impact, even if not listed in scope.

Gold Standard Safe Harbor Adheres to Gold Standard Safe Harbor.

Coordinated Vulnerability Disclosure Standard coordinated vulnerability disclosure practices.

Top Response Efficiency This program's response efficiency is above 90%.

Response Metrics

• Average time to first response: 21 hours
• Average time to triage: 1 day, 20 hours
• Average time to resolution: N/A

Program Rules

• Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue may not be marked as triaged.

• Submit one vulnerability per report unless you need to chain vulnerabilities to provide impact.

• When duplicates occur, we only triage the first report received (provided that it can be fully reproduced).

• Only interact with accounts you own or with the explicit permission of the account holder.

Test Plan

Session Layer: HTTP Headers

Researchers should add headers to requests to help us identify you and validate your reports:

• "X-HackerOne-Research: [H1 username]"

Thank you for helping keep Mueller Water Products and our users safe!

Scope Exclusions

Core Ineligible Findings are out of scope.