
Vulnerability Disclosure Policy

2024/06/27

Kinglumi Co., Ltd. (“Kinglumi” or “we”) is committed to providing users with practical, convenient, and safe products. We know that security researchers play an important role in Internet security, so we pay tribute to all security researchers. We welcome security researchers to actively provide feedback on security issues with our products, but we expect them to follow our reasonable vulnerability submission process.

 

Submit potential security vulnerabilities

If you discover security vulnerabilities in our product, please feel free to submit them to us at info@kinglumi.com. When submitting, we hope that you can provide the following additional information:

The time and severity of the problem discovered;

Detailed description of the problem, expected execution effect and actual effect;

If the problem is too complex, please provide a video;

 

Reasonable Disclosure Guidelines

We encourage security researchers to disclose potential security vulnerabilities, but we require compliance with the following reasonable disclosure guidelines:

Do not access, modify, or destroy other people's data;

Strive to avoid behaviors that lead to service interruption or degradation;

It is prohibited to publicly disclose personal and system data that does not belong to you to third parties without our permission;

However, please note that we do not offer a vulnerability reward program, meaning we will not pay rewards for disclosing security vulnerabilities. With the original intention of providing users with practical, convenient, and safe products, we will confirm each issue you disclose (if it does exist), but we will not publicly confirm them.

 

Vulnerability rating

We use Security Severity Rating (SSR) as a simpler classification method. SSR classifies vulnerabilities into five levels based on the comprehensive score of vulnerability severity evaluation: Critical, High, Medium, Low, and Informational.

 

Vulnerability response time

After receiving the potential security vulnerabilities that you have submitted in accordance with our prescribed procedures, we will make every effort to help security researchers achieve the following goals:

Strive to send a first response within 2 working days after a vulnerability report is submitted;

Make every effort to classify vulnerabilities based on their rating within 3 working days;

Strive to fix security vulnerabilities rated as severe or high within 7 working days;

Vulnerabilities rated as medium, low, or informational will be prioritized at a lower level, but efforts will be made to fix them within 21 working days;

Throughout the vulnerability response process, we will prioritize handling security vulnerabilities with higher vulnerability ratings, while coordinating and arranging the handling of vulnerabilities of other levels. We will do our best to keep security researchers informed of our progress. If we need more detailed information, we will proactively contact you and hope that you can provide assistance.

 

Vulnerability handling process

To achieve timely response, we will do our best to detect vulnerabilities as soon as possible. First, we encourage security researchers to submit potential security vulnerabilities to us; second, we regularly conduct vulnerability scans on systems, applications, and networks; third, we classify vulnerabilities in a timely manner according to their security severity level and develop vulnerability repair plans in a timely manner based on that level. After completing the vulnerability fix, we will release the corresponding updates and attach the update instructions (including vulnerability information and repair solutions). For applications, updates can be obtained from the application marketplace (such as Apple Store, Google Play); if there is an update to the device firmware, there will be an update prompt when using the app to enter the corresponding device's settings page.

