Security Vulnerability Disclosure
Policy
1. Security Vulnerability Response Center (S-CERT)
Hanwha Techwin’s S-CERT*1 department is a team dedicated to addressing security vulnerabilities of Hanwha Techwin’s Wisenet products and responding promptly (analysing and preparing countermeasure) in the event of a security vulnerability.Please contact the S-CERT team at secure.cctv@hanwha.com with detailed product information and instructions on how to reproduce the symptoms of the vulnerability when you find a product-related security vulnerability.※ S-CERT does not respond to requests related to product support and features. Please contact your Hanwha Sales Representative for general product inquiries.
2. Security Vulnerability Response Process
Upon receipt of a security vulnerability report, a Security Breach Accident Countermeasures Council is convened immediately. The goal of the Council is to analyse the content and impact of the vulnerability, prepare the resolution for the issue, and post the patched firmware on the website as soon as possible.
3. Security Vulnerability Notice Policy
The vulnerability patched firmware is uploaded to the website*2 together with the Vulnerability Report. The details of the vulnerability (vulnerability content, affected product information/firmware version, risk, countermeasures, etc.) are not disclosed until the patched firmware is released on the website for zero-day attack prevention. Details such as attack scenarios for vulnerabilities are not disclosed to prevent imitating attacks. If multiple products are affected by the vulnerability, corresponding firmware patches will be released concurrently.
The vulnerability patched firmware is uploaded to the website*2 together with the Vulnerability Report. The details of the vulnerability (vulnerability content, affected product information/firmware version, risk, countermeasures, etc.) are not disclosed until the patched firmware is released on the website for zero-day attack prevention. Details such as attack scenarios for vulnerabilities are not disclosed to prevent imitating attacks. If multiple products are affected by the vulnerability, corresponding firmware patches will be released concurrently.
* 1. S-CERT: Security-Computer Emergency Response Team
*2. Cyber Security page of the website (Support > Cyber Security)