vulnerability management
Welcome to aosu Vulnerability Management Program !
Vulnerability Management Program
As a security product provider, we take users' privacy and data security very seriously. We will regularly check and track the vulnerabilities on aosu products and the status of public open-source components or components from component vendors and third-party vendors. In addition to our efforts, we also hope that more people will participate. Whether you are a user of aosu products, a software developer, or a security researcher, you are an essential part of this program. If you have discovered a vulnerability in an aosu product or have a security incident to report, please share your discovery with us. Your discovery will be acknowledged and assessed promptly. Once vulnerabilities are confirmed, a remediation plan will be formulated.
Writing Guidelines
A high-quality vulnerability report is great to help us confirm and address an issue more quickly. A complete report includes:
- A detailed description of the issue(s) and the behavior you observed, as well as the behavior that you expected.
- A numbered list of steps required to reproduce the issue.
- A reliable exploit for the issue you are reporting.
- Details of any related issues or variants.
aosu strongly recommends including a working exploit, rather than a basic proof of concept.
How to Submit Your Research
Via Email: You can email your report to g-sec@aosulife.com.
If you believe you have discovered a security vulnerability that affects aosu devices, software, services, or aosu-owned web servers, please report it to us. Anyone can submit a report, including security researchers, developers, and customers. We prioritize resolving security and privacy issues as quickly as possible. Please note that, for the protection of our customers, aosu does not disclose or confirm security issues until our investigation is complete and any necessary updates are available.
Vulnerability Review Phase
- Within 10 business days, aosu will acknowledge receipt of the vulnerability report and follow up to start assessing the issue.
- Within 30 business days, aosu will process the issue and provide a conclusion. If necessary, they will communicate with the reporter to confirm details and request assistance.
- We will provide security updates for all series as they are released. This ensures that your products are protected from emerging threats. Scope of support: The full range of aosu products.
Duration of support: 1 year after release;
Information about products not manufactured by aosu, or independent websites not controlled or tested by aosu, is provided without recommendation or endorsement. aosu assumes no responsibility with regard to the selection, performance, or use of third-pary websites or products. aosu makes no representations regarding third-party website accuracy or reliability.
Conclusion
At aosu, we are committed to maintaining the highest standards of security and privacy for our users. Your contributions are invaluable in helping us achieve this goal. We appreciate your efforts in identifying and reporting vulnerabilities, and we are dedicated to working collaboratively to resolve any issues promptly and effectively. Together, we can create a safer and more secure environment for everyone. Thank you for being a part of the aosu Vulnerability Management Program.