Cyber Security Policy
Our partners count on us before, during and after the installation.
This privacy statement explains the privacy practices of Clenergy for users of the websites of Clenergy,
including the Clenergy Monitoring Platform (collectively, the “Site”).
As a growing percentage of energy on the grid is being supplied by PV, it is vital that the industry takes a pro-active approach to enhancing the cyber security of all systems. Being a global leader in the PV industry, Clenergy is dedicated to advancing cyber security in order to maintain confidence in and uphold the reputation of the solar industry.
Extensive efforts have been undertaken by Clenergy to advance cyber security in order to protect the integrity of the company’s products, solutions, platforms, and data. Extending its cyber security activities to collaborate with the cyber industry, Clenergy employs a Responsible Disclosure Policy which includes a Bug Bounty Program designed to help identify and fix any potential flaws in the company’s services or products.
The Bug Bounty Program encourages cyber experts to communicate to Clenergy any cyber security vulnerabilities they have uncovered and provide the Company with the opportunity to address such vulnerabilities before going public, in accordance with the terms of the program. Clenergy offers rewards and monetary compensation for legitimate reports on cyber security threats following validation and verification. In accordance with our Responsible Disclosure Policy, Clenergy will disclose these vulnerabilities after a stipulated period of time that first allows the Company to resolve them and thereby maintain the highest possible security of Clenergy’s platforms and services for all stakeholders. Please ensure to submit reports using the official Vulnerability Reporting Form, and review the below terms and conditions.
As part of our Responsible Disclosure Psystems and ancillary services. The Company pledges to share pertinent cyber security information and vulnerabilities with the PV market.
Clenergy will not undertake legal action, against any individual or entity that reports a cyber security vulnerability if all policies are followed. As part of the responsible disclosure policy, Clenergy requires there will be:
• Time to investigate and rectify any issues reported before sharing information publicly or with others
• No interaction with or disruptions to individual accounts
• No exploitation of the security vulnerability discovered
• No use of other’s data or information
• Only penetration testing performed on live PV systems. If or once penetration is achieved, the vulnerability must be reported immediately; no additional testing is permitted
• Compliance with applicable laws
As part of our commitment to protect our customers’ interest, Clenergy is inviting security researchers to find security breaches and vulnerabilities in our inverters’ hardware & firmware. We are looking for all kinds of security breaches in our inverters’ which can lead to denial of service, system malfunction or cause financial damage to the system owner.
For more details on how to obtain access to our inverters, please send your details to HWBugBounty@Clenergy.com
Clenergy offers compensation to cyber experts who report cyber security vulnerabilities. The compensation offered is completely at the Company’s discretion and is based upon risk, impact, ease of exploitation, quality of the report, and additional considerations. If offered, the minimum reward is $100.
As part of the bug bounty policy, Clenergy requires:
• Adherence to the above responsible disclosure policy
• The bug must actually present a security risk
In addition to receiving a bounty for reporting verified vulnerabilities, you will also collect points which will show on our Hall of Fame leaderboard.
Please ensure to submit reports using the official Vulnerability Reporting Form, and review the terms and conditions.