Security Vulnerability Disclosure Policy
This policy applies to all websites, applications, and services operated by EdgeDX.
-
01
Reporting Mechanism
If you discover a vulnerability, please report it via email to :
-
02
Acknowledgement
We will acknowledge receipt of your vulnerability report within 5 business days.
-
03
Response Time
We will conduct an initial review and provide a response, including a plan for addressing the vulnerability, within 10 business days.
-
04
Handling and Resolution
Once a vulnerability is reported, it will be processed as follows :
- Investigation: Verify the validity and impact of the reported vulnerability.
- Verification: Confirm the reproducibility of the vulnerability.
- Mitigation: Take necessary actions to patch or mitigate the vulnerability.
- Resolution: Monitor the fix to ensure the vulnerability is fully resolved.
-
05
Disclosure Guidelines
After the vulnerability has been resolved, we will coordinate with the reporter to disclose the information.
The information will be made public no later than 30 days after the resolution. Public disclosure will be made through our website, and individual customers will be notified via email and firmware release notes.
-
06
Legal Safe Harbor
Researchers who follow the guidelines outlined in this policy will not face legal action from EdgeDX.
However, this protection does not apply to actions that are found to be malicious.