P14. Addressing security vulnerabilities

The company should address XXXX glossary-securityvulnerability XXXX when they are discovered.

 
100%0%
100
Yahoo
73
Microsoft
67
Meta
67
Tencent
67
Yandex
61
Amazon
50
Twitter
50
VK
39
Samsung
36
Alibaba
33
Baidu
33
Google
25
Apple
17
Kakao
Select companies:
Select companies
Sort
Alphabetically
36%

Alibaba

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Taobao.com
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Taobao.com
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Taobao.com
No
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Taobao.com
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Taobao.com
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Taobao.com
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Taobao.com
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Taobao.com
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Taobao.com
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Taobao.com
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Taobao.com
NA
Average50
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

AliGenie
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

AliGenie
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

AliGenie
No
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

AliGenie
Partial
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

AliGenie
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

AliGenie
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

AliGenie
No Disclosure
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

AliGenie
No Disclosure
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

AliGenie
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

AliGenie
No Disclosure
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

AliGenie
No Disclosure
Average22
61%

Amazon

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Amazon.com
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Amazon.com
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Amazon.com
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Amazon.com
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Amazon.com
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Amazon.com
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Amazon.com
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Amazon.com
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Amazon.com
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Amazon.com
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Amazon.com
NA
Average83
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Alexa
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Alexa
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Alexa
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Alexa
No Disclosure
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Alexa
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Alexa
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Alexa
Partial
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Alexa
Partial
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Alexa
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Alexa
No Disclosure
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Alexa
No Disclosure
Average39
25%

Apple

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

iOS
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

iOS
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

iOS
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

iOS
No Disclosure
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

iOS
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

iOS
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

iOS
No Disclosure
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

iOS
No Disclosure
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

iOS
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

iOS
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

iOS
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

iMessage
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

iMessage
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

iMessage
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

iMessage
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

iMessage
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

iMessage
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

iMessage
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

iMessage
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

iMessage
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

iMessage
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

iMessage
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

iCloud
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

iCloud
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

iCloud
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

iCloud
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

iCloud
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

iCloud
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

iCloud
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

iCloud
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

iCloud
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

iCloud
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

iCloud
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Siri
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Siri
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Siri
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Siri
No Disclosure
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Siri
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Siri
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Siri
No Disclosure
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Siri
No Disclosure
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Siri
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Siri
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Siri
NA
Average17
33%

Baidu

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Baidu Search
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Baidu Search
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Baidu Search
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Baidu Search
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Baidu Search
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Baidu Search
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Baidu Search
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Baidu Search
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Baidu Search
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Baidu Search
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Baidu Search
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Baidu Cloud
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Baidu Cloud
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Baidu Cloud
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Baidu Cloud
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Baidu Cloud
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Baidu Cloud
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Baidu Cloud
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Baidu Cloud
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Baidu Cloud
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Baidu Cloud
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Baidu Cloud
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Baidu PostBar
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Baidu PostBar
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Baidu PostBar
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Baidu PostBar
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Baidu PostBar
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Baidu PostBar
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Baidu PostBar
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Baidu PostBar
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Baidu PostBar
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Baidu PostBar
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Baidu PostBar
NA
Average33
33%

Google

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Google Search
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Google Search
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Google Search
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Google Search
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Google Search
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Google Search
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Google Search
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Google Search
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Google Search
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Google Search
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Google Search
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Gmail
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Gmail
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Gmail
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Gmail
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Gmail
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Gmail
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Gmail
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Gmail
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Gmail
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Gmail
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Gmail
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

YouTube
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

YouTube
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

YouTube
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

YouTube
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

YouTube
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

YouTube
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

YouTube
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

YouTube
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

YouTube
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

YouTube
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

YouTube
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Android mobile ecosystem
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Android mobile ecosystem
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Android mobile ecosystem
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Android mobile ecosystem
No Disclosure
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Android mobile ecosystem
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Android mobile ecosystem
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Android mobile ecosystem
Yes
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Android mobile ecosystem
Partial
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Android mobile ecosystem
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Android mobile ecosystem
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Android mobile ecosystem
NA
Average50
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Google Drive
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Google Drive
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Google Drive
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Google Drive
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Google Drive
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Google Drive
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Google Drive
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Google Drive
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Google Drive
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Google Drive
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Google Drive
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Google Assistant
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Google Assistant
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Google Assistant
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Google Assistant
No Disclosure
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Google Assistant
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Google Assistant
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Google Assistant
No Disclosure
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Google Assistant
No Disclosure
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Google Assistant
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Google Assistant
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Google Assistant
NA
Average17
17%

Kakao

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Daum Search
Partial
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Daum Search
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Daum Search
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Daum Search
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Daum Search
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Daum Search
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Daum Search
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Daum Search
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Daum Search
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Daum Search
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Daum Search
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Daum Mail
Partial
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Daum Mail
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Daum Mail
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Daum Mail
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Daum Mail
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Daum Mail
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Daum Mail
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Daum Mail
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Daum Mail
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Daum Mail
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Daum Mail
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

KakaoTalk
Partial
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

KakaoTalk
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

KakaoTalk
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

KakaoTalk
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

KakaoTalk
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

KakaoTalk
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

KakaoTalk
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

KakaoTalk
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

KakaoTalk
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

KakaoTalk
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

KakaoTalk
NA
Average17
67%

Meta

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Facebook
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Facebook
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Facebook
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Facebook
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Facebook
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Facebook
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Facebook
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Facebook
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Facebook
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Facebook
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Facebook
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Instagram
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Instagram
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Instagram
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Instagram
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Instagram
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Instagram
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Instagram
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Instagram
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Instagram
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Instagram
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Instagram
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

WhatsApp
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

WhatsApp
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

WhatsApp
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

WhatsApp
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

WhatsApp
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

WhatsApp
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

WhatsApp
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

WhatsApp
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

WhatsApp
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

WhatsApp
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

WhatsApp
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Messenger
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Messenger
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Messenger
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Messenger
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Messenger
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Messenger
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Messenger
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Messenger
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Messenger
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Messenger
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Messenger
NA
Average67
73%

Microsoft

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Bing
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Bing
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Bing
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Bing
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Bing
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Bing
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Bing
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Bing
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Bing
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Bing
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Bing
NA
Average83
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Outlook.com
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Outlook.com
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Outlook.com
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Outlook.com
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Outlook.com
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Outlook.com
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Outlook.com
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Outlook.com
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Outlook.com
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Outlook.com
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Outlook.com
NA
Average83
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Skype
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Skype
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Skype
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Skype
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Skype
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Skype
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Skype
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Skype
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Skype
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Skype
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Skype
NA
Average83
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

OneDrive
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

OneDrive
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

OneDrive
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

OneDrive
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

OneDrive
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

OneDrive
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

OneDrive
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

OneDrive
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

OneDrive
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

OneDrive
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

OneDrive
NA
Average83
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

LinkedIn
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

LinkedIn
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

LinkedIn
No
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

LinkedIn
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

LinkedIn
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

LinkedIn
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

LinkedIn
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

LinkedIn
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

LinkedIn
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

LinkedIn
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

LinkedIn
NA
Average33
39%

Samsung

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Samsung implementation of Android
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Samsung implementation of Android
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Samsung implementation of Android
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Samsung implementation of Android
Yes
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Samsung implementation of Android
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Samsung implementation of Android
Yes
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Samsung implementation of Android
No Disclosure
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Samsung implementation of Android
Partial
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Samsung implementation of Android
No
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Samsung implementation of Android
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Samsung implementation of Android
NA
Average39
67%

Tencent

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

QZone
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

QZone
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

QZone
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

QZone
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

QZone
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

QZone
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

QZone
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

QZone
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

QZone
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

QZone
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

QZone
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

QQ
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

QQ
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

QQ
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

QQ
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

QQ
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

QQ
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

QQ
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

QQ
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

QQ
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

QQ
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

QQ
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

WeChat
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

WeChat
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

WeChat
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

WeChat
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

WeChat
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

WeChat
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

WeChat
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

WeChat
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

WeChat
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

WeChat
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

WeChat
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Tencent Cloud
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Tencent Cloud
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Tencent Cloud
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Tencent Cloud
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Tencent Cloud
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Tencent Cloud
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Tencent Cloud
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Tencent Cloud
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Tencent Cloud
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Tencent Cloud
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Tencent Cloud
NA
Average67
50%

Twitter

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Twitter
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Twitter
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Twitter
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Twitter
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Twitter
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Twitter
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Twitter
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Twitter
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Twitter
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Twitter
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Twitter
NA
Average50
50%

VK

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Vkontakte
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Vkontakte
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Vkontakte
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Vkontakte
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Vkontakte
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Vkontakte
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Vkontakte
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Vkontakte
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Vkontakte
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Vkontakte
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Vkontakte
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Mail.Ru email
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Mail.Ru email
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Mail.Ru email
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Mail.Ru email
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Mail.Ru email
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Mail.Ru email
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Mail.Ru email
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Mail.Ru email
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Mail.Ru email
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Mail.Ru email
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Mail.Ru email
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Mail.Ru Cloud
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Mail.Ru Cloud
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Mail.Ru Cloud
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Mail.Ru Cloud
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Mail.Ru Cloud
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Mail.Ru Cloud
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Mail.Ru Cloud
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Mail.Ru Cloud
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Mail.Ru Cloud
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Mail.Ru Cloud
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Mail.Ru Cloud
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Odnoklassniki
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Odnoklassniki
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Odnoklassniki
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Odnoklassniki
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Odnoklassniki
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Odnoklassniki
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Odnoklassniki
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Odnoklassniki
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Odnoklassniki
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Odnoklassniki
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Odnoklassniki
NA
Average33
100%

Yahoo

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Yahoo Mail
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Yahoo Mail
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Yahoo Mail
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Yahoo Mail
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Yahoo Mail
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Yahoo Mail
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Yahoo Mail
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Yahoo Mail
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Yahoo Mail
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Yahoo Mail
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Yahoo Mail
NA
Average100
67%

Yandex

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Yandex Mail
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Yandex Mail
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Yandex Mail
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Yandex Mail
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Yandex Mail
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Yandex Mail
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Yandex Mail
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Yandex Mail
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Yandex Mail
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Yandex Mail
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Yandex Mail
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Yandex Search
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Yandex Search
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Yandex Search
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Yandex Search
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Yandex Search
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Yandex Search
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Yandex Search
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Yandex Search
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Yandex Search
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Yandex Search
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Yandex Search
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Yandex Disk
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Yandex Disk
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Yandex Disk
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Yandex Disk
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Yandex Disk
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Yandex Disk
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Yandex Disk
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Yandex Disk
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Yandex Disk
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Yandex Disk
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Yandex Disk
NA
Average67