ZWSOFT Product Security Incident Response Team (PSIRT) is responsible for receiving, identifying, processing, and disclosing security vulnerabilities related to ZWSOFT products and solutions, and it is the only outlet to disclose the vulnerability of ZWSOFT products. ZWSOFT PSIRT collaborates effectively with customers and stakeholders to quickly provide solutions to vulnerabilities.
ZWSOFT PSIRT will respond to vulnerability according to the vulnerability response process.
Vulnerability Reception
Actively monitor and receive security vulnerabilities, enable the vulnerability response process, and confirm with the reporter.
Analysis and Verification
Analyze and investigate, quickly identify vulnerabilities, and define severity levels.
Solution Development
Develop vulnerability mitigation and repair plans and security alarm policies.
Disclosure
Disclosure of vulnerability information after the repair plan is available.
Feedback
Collect and summarize the opinions of customers and the company, and carry out the iterative plan based on the feedback.
Due to the sensitivity of security vulnerabilities, ZWSOFT PSIRT will strictly control the vulnerability information from being leaked during the whole process, such as personal or organization's identity information and IP address, vulnerability analysis information, etc. The vulnerability reporter is also required to keep the vulnerability confidential until ZWSOFT officially announces this information.
ZWSOFT discloses security vulnerabilities in the following two forms:
-SA(Security Advisory): After a clear and verified vulnerability solution is available, a security advisory must be issued to provide the partners and users with confirmed relevant technical information, including temporary fixes and solutions.
-SN(Security Notice): Provides general information related to security topics. When the external sources found and paid attention to the information about the vulnerabilities of ZWSOFT products, before ZWSOFT has confirmed any technical information, ZWSOFT can issue security notices to the users and organizations concerned, to explain the progress of ZWSOFT's response.
ZWSOFT PSIRT will immediately publish product security vulnerabilities announcements on the official website.
ZWSOFT does not guarantee the accuracy, integrity, sufficiency and reliability of the content and information contained in this policy, and expressly declares that it does not make any express or implied guarantees and guarantees for these content and information, including but not limited to particular purpose, no infringement of third party rights, etc. All legal responsibilities arising from the use and interpretation of this policy and its related content shall be borne by you. ZWSOFT can modify the content and information contained in this policy at any time without any notice or prompt.