Company's principles for vulnerability management
C-Data is committed to reducing or eliminating the harm caused to customers by product and service vulnerabilities, and to reducing the potential security risks that vulnerabilities bring to customers/users. We will proactively identify our responsibilities in vulnerability management, build a management system, and manage vulnerabilities proactively. Meanwhile, network security is a continuously evolving dynamic process, accompanied by the evolution of threats. We will continue to optimize the workflow and standards related to vulnerability management, continuously draw on industry standards and excellent practices, and enhance our maturity in vulnerability management.
Vulnerability handling process
C-Data is committed to improving product security and fully supporting the secure operation of customer networks and services. We emphasize vulnerability management in product development and maintenance to enhance product security and ensure timely response when vulnerabilities are discovered.
Steps:
1. Accept and collect suspected vulnerabilities in the product. (We respond to the customer within 1-3 working days of receiving the information and collect as much valid information as possible; this is the initial response.)
2. Confirm the validity and impact range of the suspected vulnerability. (We will conduct a vulnerability severity level assessment and inform all customers who may be involved to control the scope of risk. If the resolution time is too long, we consider that we will provide pro-emergency measures within 90 days.)
3. Develop and implement a vulnerability remediation plan. (We will keep in touch with the reporter and the laboratory to establish the appropriate experimental environment and conditions for verification, develop a timetable for completion, and inform the client.)
4. Release vulnerability patch information to clients. (After the patch is verified, we will release the updated program files, operation instructions and other documents to the clients, and announce the vulnerabilities.)
5. Continuous improvement based on client feedback and practice.
Publish vulnerability information announcement
The announcement contains information on the severity level of vulnerabilities, service impact, and repair plans, in order to convey the vulnerability repair plan. At the same time, we respond to public security topics concerning the product (including vulnerability and non-vulnerability related topics), so that relevant customers can understand the progress of the company's response to the vulnerability.
Disclaimer & Reserved Permissions
The description in this article does not constitute a guarantee or commitment, and the company reserves the right to change or update this document at any time.
Contact information
Software Upgrade Service Policy
C-DATA is committed to providing customers with continuous technical support and more professional product services. Our software update service is designed to ensure that the equipment can maintain the best performance and safety, in line with the differentiated needs of customers. We do not mandate software upgrades, and new software must pass rigorous testing in our labs before we can recommend upgrades to our customers.
Software Upgrade Plan
We do not have a fixed upgrade plan; upgrades are based more on customer feedback, equipment operation and other considerations. In addition, our team of engineers continues to optimise our products, and if we find potential problems or performance improvements, we will also inform our customers in a timely manner.
User upgrade suggestions
Our engineering team will keep in touch with our customers and notify them when new software is released. We also recommend that customers visit our website (https://www.cdatatec.com/tech-support/) to apply for software upgrades, or contact our customer service for details.
Software Lifecycle Policy
C-DATA will provide the customer with 2 years of product firmware maintenance updates from the completion of the order contract. If the product is discontinued during the service period, C-DATA will continue to honour the agreement and ensure that the customer receives 2 years of firmware maintenance and update service. If the 2-year period is exceeded, or if the product has been discontinued for more than 2 years, and the customer needs to extend the service period, the customer has to make a request and sign an agreement with C-DATA.
The upgrade operation below uses one product as an example. The upgrade operation for other products is similar; detailed steps can be found in the user manual of the specific product.
1. Log in to the WEB.
2. Select Management->Firmware Update. Click ‘+’ to select the firmware file, then click the ‘Upgrade’ button to upgrade the CPE.
3. After the application, the device is upgraded to the latest software version.
If customers find or suspect network security vulnerabilities during operation and maintenance, please provide the following information so that our technicians can quickly and accurately conduct a risk assessment and formulate solution measures:
1. Product type and model name.
2. Software/hardware version.
3. Product batch and order information.
4. Description of the security vulnerability (the functional module or code involved).
5. The process of attack and exploitation of the security vulnerability.
6. Packets generated during the attack process.
Email: support@cdatatec.com
Tel: +86 18138281179