Security

Our security approach

Security is a design constraint at HID Consult—not a feature added at the end. Here's how we handle security in everything we build and how to contact us if you find a vulnerability.

Secure delivery practices

  • All projects start with a security baseline review (auth design, secrets management, dependency audit)
  • Infrastructure provisioned with CIS-benchmark-aligned defaults
  • Dependencies scanned with npm audit / Dependabot on every build
  • Sensitive data never written to logs; secrets delivered through environment variables scoped to the least privilege each service needs
  • OWASP Top 10 checklist applied before every production release
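The "sensitive data never logged" item above is normally enforced in code at the logger boundary rather than left to convention. The following is an added illustration and not HID Consult's own logging code: a redaction layer for a Node.js structured logger that blanks values under credential-shaped key names and credential-shaped substrings before a line is serialised. The key list, the value patterns and the sample event are constructed for this example.

```javascript
'use strict';
// Added example, not HID Consult's logger: redact credential-shaped fields
// and substrings from a log context before it is serialised.
// Key names, value patterns and the sample event below are constructed.

// Keys whose values are always blanked, whatever they contain.
const SENSITIVE_KEYS =
  /^(pass(word|wd)?|secret|(access_|refresh_|id_)?token|authorization|api[-_]?key|cookie|set-cookie|private_key|ssn)$/i;

// Substrings that look like credentials even under an innocent key.
const SENSITIVE_VALUE_PATTERNS = [
  /\bBearer\s+[A-Za-z0-9._~+/-]+=*/g,                        // HTTP bearer tokens (RFC 6750 b64token)
  /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,  // JWT-shaped strings
];

const REDACTED = '[REDACTED]';
const MAX_DEPTH = 8; // bound recursion on deeply nested or hostile payloads

function redactString(s) {
  return SENSITIVE_VALUE_PATTERNS.reduce((acc, re) => acc.replace(re, REDACTED), s);
}

// Returns a redacted deep copy; the original object is never mutated, so the
// application can keep using it after logging. Cycles and repeated references
// are cut off with a placeholder instead of recursing forever.
function redact(value, depth = 0, seen = new WeakSet()) {
  if (typeof value === 'string') return redactString(value);
  if (value === null || typeof value !== 'object') return value;
  if (depth >= MAX_DEPTH || seen.has(value)) return '[TRUNCATED]';
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redact(v, depth + 1, seen));
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = SENSITIVE_KEYS.test(k) ? REDACTED : redact(v, depth + 1, seen);
  }
  return out;
}

// One JSON line per event; everything in ctx passes through redact() first.
function formatLogLine(level, msg, ctx = {}) {
  return JSON.stringify({ ts: new Date().toISOString(), level, msg, ...redact(ctx) });
}

// Constructed sample event: a failed login whose context carries a password,
// an Authorization header and a token pasted into a free-text note.
const sampleEvent = {
  user: 'alice',
  password: 'hunter2',
  headers: { Authorization: 'Bearer abc.def.ghi', 'x-request-id': 'r-1' },
  note: 'client sent token=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.sig123',
};

console.log(formatLogLine('warn', 'login failed', sampleEvent));
```

Putting the redaction inside the logger means every call site benefits and nobody has to remember to strip a field. A pattern list like this will not catch every secret, so it complements, rather than replaces, keeping credentials out of request contexts in the first place.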

IoT and smart systems security

  • Alignment with the NIST IoT Device Cybersecurity Capability Core Baseline (NISTIR 8259A)
  • ETSI EN 303 645 consumer IoT security provisions
  • OWASP IoT Top 10 risk framework
  • No default credentials — unique provisioning per device
  • Network segmentation — IoT VLAN isolated from primary network

Responsible disclosure

  • If you discover a security vulnerability in our systems or code, please disclose it responsibly
  • Email: security@hidconsult.com with a clear description of the issue
  • We acknowledge receipt within 48 hours and aim to address critical issues within 7 days
  • We do not pursue legal action against researchers acting in good faith

Contact security team

For security-related inquiries or responsible disclosure:

security@hidconsult.com