VisionTek insists on the principle of vulnerability disclosure. After the necessary certification process, VisionTek discloses vulnerability information to stakeholders such as our customers, CERT coordination organizations, etc., to build a secure cyberspace together. VisionTek will notify customers who are affected by the vulnerability through direct communication or external announcements.
Vulnerability Response Process
We monitor security problems and receive vulnerability reports indicatively.
Safety laboratory and related products verification, confirm and evaluate risk levels for the security problem.
We formulate mitigation measures, develop for fixing the vulnerability, and develop security early warning strategy.
Official disclose vulnerability information when security problem have precautionary measures and fix patches.
The Security Emergency Response Center will strictly control the spread of vulnerability information and limit it to the person who handles the vulnerability. It also requires the vulnerability reporter to keep the vulnerability confidential until it is publicly disclosed.
The Security Emergency Response Center provides Base Metrics and Temporal Metrics for vulnerabilities based on the CVSS (Common Vulnerability Scoring System). Based on Customers' environment, they can get Environmental Metrics according to their own needs.
VisionTek uses CVE (Common Vulnerability and Exposures) and CNCVE to reference third-party vulnerability information.
Security vulnerability refers to the defect or weakness that can be exploited to violate the system security policy in the system design, deployment, operation or management.
The security vulnerability reporter can submit VisionTek relevant potential security vulnerabilities by email ([email protected]
). In order to verify and locate the vulnerability, please try to include but not limited to the following contents in the email:
- Organization and contact information
- Reference information
- The affected product or solution and its version
- Description of the potential vulnerability
- Technical details (such as system configuration, location method, description of exploit, sample capture packet, POC, steps of problem reproduction, etc.)
- Information about the public exploit
- Possible vulnerability disclosure plans
VisionTek Security Lab
In the past few years, the security industry has developed from the analog era in which closed small bureaus are typical application scenarios to a digital era in which metropolitan area and large network connection are the typical application scenarios. Now IP network load is the basic state, so security has become an important proposition in the next stage of video surveillance industry.
As the pioneer of IP monitoring solutions, VisionTek has always concerned a lot about security problem in product development and design. We are willing to share our understanding of the architecture of the security system and solutions with users and partners at the first time, so as to provide users with a secure video monitoring system.
Security is a systematic work. In order to find out the hidden danger lies in the basic security protection system, it's important to insist on finding out and fixing vulnerabilities. VisionTek hopes to cooperate with professional IT security companies and IT security researchers to continuously improve the information security level of security monitoring system.
It is a long way to establish a stable, reliable and sustainable security system. With an open attitude, we sincerely hope to cooperate through various platforms and channels. In terms of organizational process, management standards, technical standards and other aspects, we would like to cooperate with peers in the video surveillance industry to face the threats and challenges and protect the information security in video surveillance industry.
No matter you are a user, a professional IT security company or an IT security researcher, if you have any suggestions, consultations, or asking for help about network security, you are welcomed to contact VisionTek Security Lab at [email protected]