X-Sense Vulnerability Disclosure Policy

Free Shipping for Orders Over $35.

X-Sense places great importance on the security of its products and services, striving to develop secure and reliable products while ensuring the protection of user privacy. At the same time, security researchers play a crucial role in safeguarding X-Sense products and consumers. We have established a Vulnerability Disclosure Policy and a comprehensive vulnerability management process in accordance with standards such as ISO/IEC 30111 and ISO/IEC 29147. This ensures a prompt response when vulnerabilities are discovered and enhances product security.

I. Vulnerability Severity Rating: X-Sense uses industry-standard practices to assess the severity of potential security vulnerabilities in its products. For example, we refer to CVSS (Common Vulnerability Scoring System), which consists of three metric groups: Base, Temporal, and Environmental. We also encourage users to evaluate the actual environmental score based on their own network conditions and use it as the final vulnerability score in specific environments to support decisions regarding vulnerability mitigation deployment.

Different industries follow different standards. X-Sense uses the Security Severity Rating (SSR) as a simpler method for classifying vulnerabilities. With SSR, we categorize vulnerabilities as Critical, High, Medium, Low, or Informational based on the overall severity score.

II. Vulnerability Reporting Guidelines: If you discover a security vulnerability in the X-Sense system, including but not limited to X-Sense devices, the X-Sense mobile app, services, cloud, or data security, please report it to us promptly.

Please include the following details in your report:

Model and version of the observed vulnerability, software information, IP or page.
A brief description of the vulnerability type, for example: "This is a vulnerability that could cause the app to crash."
Steps to reproduce the issue. These steps should be benign, non-destructive, and serve as proof of concept. This helps ensure the report can be addressed quickly and accurately.

Alternatively, you can send the report via email to support@x-sense.com.

III. Response Time: 1. The X-Sense security team will receive the vulnerability report and begin evaluating the issue within one business day.
2. Critical vulnerabilities will be followed up within 24 hours, with a preliminary conclusion and rating provided.
3. High-risk vulnerabilities will be followed up within three business days, with a preliminary conclusion and rating provided.
4. All other vulnerabilities will be followed up and rated within seven business days. If the reporter believes the situation is urgent, they may send an email to support@x-sense.com. Upon confirmation by a reviewer, the case will be expedited.

IV. Vulnerability Disclosure Statement: Vulnerability management is conducted throughout the product/software version lifecycle, and X-Sense will manage vulnerabilities for all products until the End of Service (EOS) date.

To protect our users, X-Sense will not disclose, discuss, or confirm any security issues until a full investigation is completed and an update is released. We kindly request that reporters keep vulnerabilities confidential and do not share or disclose unresolved vulnerabilities with third parties until X-Sense provides a relevant patch solution.

To better support customers with patch deployment and risk assessment, X-Sense will synchronize the vulnerability fix status with software updates. We recommend upgrading to the latest product/software version or installing the latest patch according to update prompts to reduce vulnerability risks.

Prompt

Confirm

Shopping Cart

Your cart is currently empty.

Continue shopping