Software Update Lifecycle

How to Report a Security Issue:

If you believe you have discovered a vulnerability in a Boolean Cloud Security product or have a security incident to report, please complete the Vulnerability Report Form.

 

When we receive a vulnerability report, we take a series of steps to resolve the issue internally. All reported vulnerabilities are scored according to the Boolean Cloud IoT Vulnerability Rating Scale (CVRS).

1. Boolean Cloud requires the reporter to provide confidential details of the vulnerability.

2. Boolean Cloud investigates and verifies the vulnerability.

3. Boolean Cloud fixes the vulnerability and verifies the fix across Boolean Cloud Security product lines.

4. Boolean Cloud releases an OTA update to Boolean Cloud Security products.

5. Boolean Cloud monitors the stability of Boolean Cloud Security products after the update.

 

Once a report is received, it will be acknowledged and an initial assessment will be conducted within three business days.The assessment will be completed within seven business days, and the vulnerability will be fixed or a remediation plan will be developed.

 

When to Fix:

Critical-risk vulnerabilities will be fixed within 7 business days. High-and medium-risk vulnerabilities will be fixed within 30 business days. Low-risk vulnerabilities will be fixed within 180 business days. Please note that some vulnerabilities may be subject to environmental or hardware limitations. The final timeline will be determined based on actual circumstances.

To protect our customers, Boolean Cloud IoT will support Boolean Cloud products with security updates for at least 2 years. The support period will not be shortened after announcement. If the support period is confirmed to be extended, we will update the list below as soon as possible to help you check whether your device can still receive security updates. If you believe you have discovered a security or privacy vulnerability that affects Boolean Cloud devices, software, services, or web servers, please report it to us. We welcome everyone to report issues, including security researchers, developers, and customers. Boolean Cloud will resolve security vulnerabilities in our products quickly and carefully. We will take the necessary measures to minimize the risk to our customers, provide information in a timely manner, and provide the vulnerability fixes and mitigations needed to resolve security threats in Boolean Cloud devices, software, or web servers. We appreciate anyone giving us an opportunity to improve our products and services and better protect our users. Thank you for working with us through the above process.

 

Email address :  jiqiren@shouxin168.com