Security Response Plan

[Vulnerability Submission]

Before reporting a vulnerability, suggest you to take a look at Definition of a Security Vulnerability and 10 Immutable Laws of Security as reference, make sure it is a security vulnerability. Please provide details while submit a vulnerability, and please do not discuss the vulnerability in any form prior to Grandsun notifying you that it is fixed.

[Vulnerability Assessment]

After the vulnerability was submitted, we will start assessment process ASAP, we might need contact you for more information during this phase.

[Vulnerability Fix]

Once we identified it is a valid issue, we will raise tickets in our internal issue tracking system and start bug fix process. Grandsun classes four grade for software vulnerabilities, critical and high severity, medium severity and low severity. We confirm different software update time period for different vulnerabilities grade. 3 months for Critical and high severity, 6 months for medium severity and 1 year for low severity.

[Vulnerability Disclosure And OTA Release]

After the bug is fixed, we will issue a security advisory on the website. and what problems have been fixed in the latest software release.

[Amazon related vulnerability handling process]

Any security incident that affects equipment or devices which related with Amazon will notify Amazon in 24 hours.