Incident Response

We attach great importance to security issues and welcome all security researchers to report potential security vulnerabilities to us to improve the security of our products and services.

Verification




Verify the vulnerability and confirm the exploitability and impact

Solution Development



Provide effective fix solutions or risk remediations measures

Affected Scope Confirmation



Investigate and confirm the complete scope of affected products

Release SA




Review and publish the security advisory for the security vulnerability
Vulnerability Response and Disclosure Process
Recipient




Monitor and and assign received vulnerabilities in a timely manner
Vulnerability Disclosure Instructions
Mailbox
info@zdenergy.com

The email should include at least the following information:
- Your organization and contact information
- Products and versions affected
- Description of the potential vulnerability
- Information about known exploits
- Disclosure plans
- Additional information, if any


Attention
Although we encourage investigation of potential security breaches, we cannot tolerate any activity that may interfere with legitimate users or may violate applicable computer abuse, cyber security and data protection regulations. Therefore, the following activities are prohibited:
- Modification or destruction of data
- Service disruption or degradation, such as DoS
- Disclosure of personal, proprietary or financial information


Response Time
We'll respond within 48 hours to the vulnerabilities you submit.
* Note: Actual vulnerability response time may vary depending on the risk level and complexity of the vulnerability.
Vulnerability Disclosure Instructions
ZDenergy discloses security vulnerabilities in its products in two ways:
- Security Advisory (SA): When the vulnerability has been confirmed, we disclose detailed vulnerability information and corresponding     
remediations through an SA.
- Security Notice (SN): When a potential vulnerability is discovered or noted externally, but we have not confirmed the vulnerability yet, we 
disclose the basic information of the vulnerability and our investigation progress through an SN.
The vulnerability information shall be kept confidential until ZDenergy releases the Security Advisory or Security Notice to the public.
For the basic principles and dispute resolution during the vulnerability reporting and disclosure