Vulnerability reporting and response
1. Vulnerability reporting and response
If outsiders discover security vulnerabilities in our products, they can send an email to infocollect.sec@gmail.com with a brief description. The company's PSIRT team will confirm receipt of the vulnerability report and contact you within 2 working days at the latest. If necessary, a secure channel will be established to invite you to upload detailed vulnerability information.
2. Vulnerability handling service SLA requirements
The vulnerability handling SLA requirements are shown in the following table:
| CVSSv3 base score | Vulnerability response time | Vulnerability resolution time | Release bug fix version |
|---|---|---|---|
| Extremely dangerous | Within 24 hours | Within 24 hours | Depending on the specific situation |
| High risk | Within 1 business day | Within 5 business days | Within 30 days, depending on the specific situation |
| Medium risk | Within 2 business days | Within 15 business days | Within 60 days, depending on the specific situation |
| Low risk | Within 2 business days | Within 25 business days | Within 90 days, depending on the specific situation |