Security vulnerabilities: According to "ISO_IEC 29174-2018", vulnerabilities refer to behaviors or condition sets that violate implicit or explicit security policies in systems, products, components, or services. Vulnerabilities can be considered as weaknesses or exposure points with security implications or consequences. Attackers use vulnerabilities to destroy the confidentiality, integrity, availability, operability, or other security attributes of the attacked object.
If you can contact us via Email to submit potential security vulnerabilities to ZWSOFT PSIRT, we will actively initiate the emergency response process for vulnerabilities after receiving the email, and may contact you to confirm the vulnerability information. Because the product security vulnerability information is highly sensitive, we strongly recommend that you use our public PGP key (key ID 0x5B3D02EC; PGP fingerprint: FCD3 9262 1D3C 1033 B40A 4DBF 88AE 3627 5B3D 02EC) to encrypt the vulnerability information before sending it to ZWSOFT PSIRT.
Email address: psirt@zwsoft.com
Public PGP key: key ID 0x5B3D02EC; PGP fingerprint: FCD3 9262 1D3C 1033 B40A 4DBF 88AE 3627 5B3D 02EC
In order for ZWSOFT PSIRT to rapidly analyze, verify and locate the vulnerabilities reported by you, please includes but not limited to the following information:
- Your organization and contact information
- Affected products or solutions and their versions
- Description of potential vulnerabilities
- Technical details (example system configuration, positioning method, exploit description, sample capture, POC, steps to reproduce the problem, etc.)
- Exploit information
- Possible vulnerability disclosure plan