We are committed to improving the security of our products to fully support the secure operations of customers' networks and services. We have always attached great importance to vulnerability management in product development and maintenance, and have established a robust vulnerability handling process based on ISO/IEC 27001 and ISO/IEC 62443 to improve product security and ensure timely response to vulnerabilities.
Vul. Response Process:
1.Vulnerability awareness: Receive and collect suspected vulnerabilities in products.
2.Validation & assessment:Confirm the validity and impact scope of suspected vulnerabilities.
3.Vulnerability remediation:Develop and implement vulnerability remediation solutions.
4.Remediation information release: Release vulnerability remediation information to customers.
5.Closed-loop improvement:Make continuous improvement based on customers' comments and practices.
Throughout the vulnerability handling process, our strictly ensures that vulnerability information is transferred only between relevant handlers. We sincerely request you to keep the information confidential until a complete solution is available to our customers.
We will take necessary and reasonable measures to protect the obtained data based on legal compliance requirements. We will not proactively share or disclose the data to others unless otherwise required by law or by the affected customer.
Vulnerability Severity Rating
We assess the severity of suspected vulnerabilities in our products based on industry standard CVSS (Common Vulnerability Scoring System). During the assessment, we will also consider the impact of vulnerabilities on products in real life usage to determine the priority of patching on vulnerabilities.
Vulnerability Bulletins
We will release the vulnerability information and the patching plan to the public in the bulletin area of the official website.
Disclaimer & Rights Reserved
If this document is available in multiple languages, the Chinese version shall prevail. The policy described in this document does not constitute warranties, commitments, or contract parts. Westwell may adjust it as appropriate.
We reserve the right to change or update this document at any time as necessary to increase transparency or respond more actively.
As changes to this policy are posted, we will revise the "Update Date" at the bottom of this policy.
Update:2022/6/20