Vulnerability Disclosure Policy

As a security product provider, we hold privacy and data security in the highest regard and are dedicated to promptly addressing and disclosing security vulnerabilities to safeguard our users. Your role is vital in this collaborative effort, whether you're a Zendure security product user, software developer, or independent security researcher.

Reporting Security Concerns:

If you identify a potential vulnerability in any Zendure Security product or need to report a security incident, please submit details via our dedicated vulnerability reporting form.

Our Response Process:

Upon receiving a report, Zendure initiates a structured internal procedure aligned with ISO/IEC 30111 guidelines. Each vulnerability is assessed using the Common Vulnerability Scoring System (CVSS) version 3.1. 
The key steps include:

  1. Information Gathering: We will request confidential, comprehensive details about the vulnerability from you.
  2. Investigation and Verification: Our team thoroughly examines and confirms the reported issue.
  3. Resolution and Testing: The vulnerability is fixed, and the solution is validated across all relevant Zendure Security product lines.
  4. Deployment: An over-the-air (OTA) update is released to affected products.
  5. Post-Update Monitoring: We continuously track product stability following the update.

Timeline Commitments:

  • Within 10 business days: We acknowledge receipt and conduct an initial assessment.
  • Within 5 business days: The assessment concludes, resulting in a remediation plan or immediate fix.
  • Critical-risk vulnerabilities: Addressed within 10 business days.
  • High- and medium-risk vulnerabilities: Resolved within 60 business days.
  • Low-risk vulnerabilities: Fixed within 180 business days.

Important Note: Certain vulnerabilities may be influenced by environmental or hardware constraints, so final remediation times are adjusted based on real-world factors.

We deeply value your contributions, as they empower us to enhance our offerings and better protect our user community. Thank you for partnering with us through this essential process.