At TomTom, we take security seriously. This document outlines our security policies and procedures.

If you discover a potential security vulnerability in the TomTom Navigation SDK, please let us know as soon as possible. We appreciate your efforts in responsibly disclosing the issue to us.

To report a security vulnerability, please email us at [email protected] and include the following details:

• Description of the vulnerability
• Steps to reproduce the vulnerability
• Any related technical details, including versions affected
• Your contact information for further communication

We will acknowledge receipt of your vulnerability report within 24 hours and will work with you to address the issue promptly.

We strive to respond to security reports as quickly as possible. Our team will assess the reported vulnerability and provide regular updates on the progress of addressing the issue.

• Within 48 hours: Initial assessment and acknowledgment of the report
• Within 10 business days: Providing information on the plan to address the vulnerability
• As soon as a fix is available: Timely release of patches or updates addressing the reported vulnerability

This security policy applies to the TomTom SDK repository on GitHub. It covers vulnerabilities discovered in the codebase, build configurations, and associated documentation.

We encourage responsible disclosure of security vulnerabilities. We ask that you refrain from publicly disclosing any potential vulnerabilities until we have had adequate time to address and release fixes for the issue.

We appreciate your collaboration in helping us maintain the security of the TomTom Navigation SDK.