Security
At Morse Micro, we’re committed to building secure, robust wireless solutions. We recognize that strong collaboration with security researchers, customers, and partners is essential to maintaining the trust and safety of our products and ecosystem.
We take security vulnerabilities seriously and encourage responsible disclosure. Our Product Security Incident Response Team (PSIRT) ensures reports are handled professionally, confidentially, and in line with global industry standards.
Reporting Security Vulnerabilities
We welcome reports of potential security vulnerabilities that may affect:
-
Morse Micro chipsets (e.g., MM6108, MM8108)
-
Reference designs (e.g., HaLowLink 1, HaLowLink 2)
-
Software SDKs, OpenWRT builds, and firmware
-
Online developer documentation and drivers
Out of Scope
-
Non-security bugs or usability issues
-
End-user apps developed by third parties
-
Experimental evaluation kits (e.g., EKH01, EKH05, EKH19)
Working with Researchers
We value collaboration with the security community and ask that all research and reporting be conducted responsibly.
Researchers are expected to:
-
Respect user privacy and data integrity — do not access, modify, or delete information that does not belong to you.
-
Maintain system availability — avoid denial-of-service, brute force, social engineering, or physical attacks.
-
Remain within scope — focus only on Morse Micro products and software listed above.
-
Disclose responsibly — allow us sufficient time to investigate and remediate before making findings public.
-
Provide clear and reproducible details so our engineers can validate the issue efficiently.
In return, Morse Micro will:
-
Acknowledge receipt of your report promptly and provide ongoing status updates.
-
Handle submissions with professionalism, confidentiality, and fairness.
-
Offer public recognition (with your consent) where appropriate, such as in advisories or release notes.
-
Uphold our safe harbor commitment if you act in good faith.
-
Report a Security Issue
If you believe you have identified a security issue, please complete the form below.
Alternatively, you can contact our PSIRT team directly:
-
Email: security@morsemicro.com
-
PGP Key: Download our public key (recommended for sensitive information)
Include the following details:
-
Product name(s) and version(s) affected
-
Description of the vulnerability
-
Steps to reproduce or proof-of-concept (if available)
-
Potential impact and/or suggested mitigation
-
Your preferred contact method
All reports are treated with confidentiality and respect.
What Happens Next
Our PSIRT will:
Acknowledge receipt within 3 business days
Investigate and validate the issue internally
Engage relevant engineering teams to triage and resolve
Provide status updates throughout the process
Coordinate a fix, mitigation, or workaround
Publish a Security Advisory and assign a CVE ID, if applicable
We aim to resolve valid vulnerabilities as quickly as possible, typically within 90 days, depending on complexity and impact.
Coordinated Disclosure Approach
Morse Micro supports coordinated vulnerability disclosure. We strive to:
Collaborate privately with the reporter until a mitigation is available
Credit researchers publicly (if desired)
Communicate transparently with our customers and partners
Our approach follows international standards and guidance:
ISO/IEC 29147 – Vulnerability Disclosure
ISO/IEC 30111 – Vulnerability Handling
FIRST PSIRT Services Framework
Regulatory Compliance
In some cases, Morse Micro may be legally required to notify regulatory authorities (e.g., under the EU Cyber Resilience Act) within strict timelines:
Initial notification within 24 hours of awareness
Detailed report within 72 hours
These submissions are confidential regulatory notifications, not public disclosures. We will keep researchers informed if a report requires such regulatory action.
Safe Harbor & Updates
Last updated: 28 July 2025
Safe Harbor: If you report a vulnerability in good faith, Morse Micro will not pursue legal action.
For general technical support or product inquiries, please Contact Us.
