Security

Vulnerability Reporting

Report a Suspected Vulnerability

If you encounter or discover a potential vulnerability in a Westwell product, please inform Westwell promptly. Follow our reporting channels and security guidelines to submit your findings.

Vulnerability Reporting Channels

You can submit suspected vulnerabilities related to Westwell products via email at: wsrit@westwell-lab.com. Westwell will promptly verify any suspected vulnerabilities reported by security researchers, industry organizations, customers, or suppliers. You will typically receive an email confirmation from Westwell within 24 hours. We will also keep you informed of our progress as appropriate.

Security Guidelines

To protect sensitive vulnerability information, we recommend encrypting messages sent to wsrit@westwell-lab.com using openPGP (Pretty Good Privacy). Click here to get our openPGP public key (PGP fingerprint: F67BED9420299B20A429EFAE3E3044BDB580181B).

Throughout the vulnerability handling process, Westwell strictly limits access to vulnerability information to only those directly involved in resolving it. We also ask that reporters keep the information confidential until our customers have received a complete solution.

Updated: 2022/6/20

Vulnerability Handling Process

Westwell is committed to enhancing the security of Westwell products and supporting the safe operation of our customers’ networks and businesses. Westwell attaches great importance to vulnerability management during product development and maintenance. We have established a comprehensive vulnerability handling process aligned with ISO/IEC 27001 and ISO/IEC 62443. This helps us respond quickly and effectively when vulnerabilities are discovered, continuously improving product security.

Vulnerability Remediation Process:

1. Vulnerability Detection: Receive and collect suspected product vulnerabilities;

2. Verification & Assessment: Confirm the validity and impact scope of suspected vulnerabilities;

3. Vulnerability Patching: Develop and implement vulnerability patching plans;

4. Patch Information Release: Notify customers about patch information;

5. Closed-Loop Improvement: Continuously refine the process based on customer feedback and real-world experience

Security Guidelines

Westwell takes necessary and reasonable measures to protect acquired data in accordance with legal and compliance requirements. Westwell does not actively share or disclose the above data to other parties unless explicitly requested by the affected customers or required by law.

Vulnerability Severity Assessment

Westwell adopts industry-wide standards to assess the severity level of suspected vulnerabilities in its products. Severity is rated based on the CVSS (Common Vulnerability Scoring System), combined with the actual impact of vulnerabilities on the product — helping us prioritize vulnerability fixes.

Vulnerability Disclosure Announcement

Westwell will publish vulnerability information and remediation plans in the announcement section of our official website.

Disclaimer & Reservation of Rights

If this document is available in multiple languages, the Chinese version shall prevail in the event of any discrepancy. The policy descriptions in this document do not constitute a guarantee or commitment, nor do they form part of any contract. Westwell may adjust these policies at its discretion.

Westwell reserves the right to change or update this document at any time. We will update this policy statement as needed to enhance transparency or respond more proactively. When we post an updated version of this Policy, we will revise the "Last Updated" date at the bottom of this Policy.

Updated: 2022/6/20

Complaints and Reporting

If you discover any data security risks or breaches in our products, or any issues or risks related to the protection of personal information, please contact us.

You can contact us through the following channels. We will respond within 15 working days upon receiving your complaint or report.

Complaints and Reporting Email: wsrit@westwell-lab.com