Shenzhen C-Data Technology Co., Ltd.
Shenzhen C-Data Technology Co., Ltd.

Cyber Security

Vulnerability handling strategy

Company's principles for vulnerability management

C-Data is committed to reducing or eliminating the harm caused to customers by product and service vulnerabilities, and reducing the potential security risks that vulnerabilities bring to customers/users. We will proactively identify our responsibilities in vulnerability management, build a management system, and proactively manage. Meanwhile, network security is a continuously evolving dynamic process, accompanied by the evolution of threats. We will continue to optimize the workflow and standards related to vulnerability management, continuously draw on industry standards and excellent practices, and enhance our maturity in vulnerability management.


Vulnerability handling process

C-Data is committed to improving product security and fully supporting the secure operation of customer networks and service. Emphasize vulnerability management in product development and maintenance to enhance product security and ensure timely response when vulnerabilities are discovered.


Step:

1. Accept and collect suspected vulnerabilities in the product. (We respond to the customer within 1-3 working days of receiving the information and collect as much valid information as possible, this is the initial response)

2. Confirm the validity and impact range of the suspected vulnerability. (We will conduct a vulnerability severity level assessment and inform all customers who may be involved to control the scope of risk. (If the resolution time is too long, we consider that we will provide pro-emergency measures within 90 days)

3. Develop and implement a vulnerability remediation plan. (We will keep in touch with the reporter, the laboratory to establish the appropriate experimental environment and conditions for verification, develop a timetable for completion and inform the client)

4. Release vulnerability patch information to clients. (After the patch is verified, we will release the updated program files, operation instructions and other documents to the clients, and announce the vulnerabilities)

5. Continuous improvement based on client feedback and practice.


Publish vulnerability information announcement

The announcement contains information on the severity level of vulnerabilities, service impact, and repair plans to convey the vulnerability repair plan. At the same time, respond to the public security topics of the product (including vulnerability and non vulnerability related topics), so that relevant customers can understand the progress of the company's response to this vulnerability.


Disclaimer&Reserved Permissions

The description in this article does not constitute a guarantee or commitment, and the company reserves the right to change or update this document at any time.

Contact information



Software Services Policy

Software Upgrade Service Policy

C-DATA is committed to providing customers with continuous technical support and more professional product services. Our software update service is designed to ensure that the equipment can maintain the best performance and safety, in line with the differentiated needs of customers. We do not mandate software upgrades, and new software must pass rigorous testing in our labs before we can recommend upgrades to our customers.


Software Upgrade Plan

We do not have a fixed upgrade plan, we are more based on customer feedback and equipment operation and other considerations. In addition, our team of engineers continue to optimise our products, and if we find potential problems or performance improvements, we will also inform our customers in a timely manner.


User upgrade suggestions

Our engineer team will keep in touch with our customers and notify them when new software is released. We also recommend that customers visit our website (https://www.cdatatec.com/tech-support/) to apply for software upgrades or contact our customer service to understand.


Software Lifecycle Policy

C-DATA will provide the customer with 2 years of product firmware maintenance updates from the completion of the order contract. If the product is discontinued during the service period, C-DATA will continue to honour the agreement and ensure that the customer receives 2 years of firmware maintenance and update service. If the 2-year period is exceeded, or if the product has been discontinued for more than 2 years, if the customer needs to continue to extend the service period, the customer has to make a request and sign an agreement with C-DATA.


Software upgrade guide

The upgrade operation is based on one of the products as an example, other products upgrade operation is similar, detailed operation can be found in the specific product user manual.

1、Login the WEB. 

2、Select Management->Firmware Update. Click ‘+’ to select firmware file, click ‘Upgrade’ 

3、button to upgrade the CPE.

4、After the application, the device is upgraded to the latest software version.



Network Security Vulnerability Feedback

If customers find or suspect network security vulnerabilities during operation and maintenance, please provide the following information so that our technicians can quickly and accurately conduct risk assessment and formulate solution measures: 1. product type and model name; 2. software/hardware version; 3. product batch and order information; 4. description of the security vulnerability (the functional module or code involved); 5. security vulnerability being attacked and the exploitation of the The process of attack and exploitation of the security vulnerability; 6. Packets generated during the attack process.



Contact information

Email:support@cdatatec.com

Tel:+86 18138281179


Subscribe Us
Subscribe to be the first to hear about news and upcoming products
We use cookies to offer you a better browsing experience, analyze site traffic and personalize content. By using this site, you agree to our use of cookies. Visit our cookie policy to learn more.
Reject Accept