Kontoor Brands Responsible Disclosure Program
Kontoor Brands takes security seriously and employs physical, technical, and administrative safeguards to protect the privacy and integrity of our systems and data for our customers, consumers, employees, and the company. If you are a security researcher and would like to report a potential security vulnerability in any of Kontoor’s publicly facing online services, please follow the instructions below to report the issue to our security team. Kontoor reserves all legal rights and remedies in the event of noncompliance with this Policy and any related Kontoor policies.
Kontoor’s Security team will do our best to acknowledge the submission within 7 business days. We may contact you for further details if needed to validate and/or reproduce the issue. Public disclosure of the vulnerability may be authorized after the vulnerability has been addressed and requires express written consent from Kontoor. Kontoor does not provide monetary rewards for vulnerability submissions.
Wrangler Consumer Relations, 400 N Elm St, Greensboro, NC 27401
- Disclosure of any vulnerability to a third party without Kontoor’s express written consent
- Denial of service attacks or automated scanning that might degrade service availability
- Social engineering (e.g., phishing) of Kontoor employees, consumers, or customers
- Modification or destruction of any data
- Accessing, collecting, storing, or otherwise obtaining sensitive information including but not limited to confidential company data, payment transaction data, or personal information of Kontoor customers, consumers, or employees
- Failure to destroy any such sensitive information that was inadvertently accessed
- Attempting to directly connect to Kontoor’s network or access employee only areas of Kontoor property
- Direct interaction with Kontoor customers, consumers, or business partners
- Uploading, sending, storing, or otherwise transmitting malicious software
- Disrupting or degrading Kontoor’s system operations, infrastructure, or user experience
- Accessing user accounts or user data other than your own