Product security updates

Zanco Mobiles Limited Security Center

      Safeguarding against security issues is a top priority for us and we welcome anyone with a security background to report potential security vulnerabilities to us to improve the security of our products and services.

Vulnerability Response
Safeguarding against security issues is a top priority for us and we welcome anyone with a security background to report potential security vulnerabilities to us to improve the security of our products and services.

Vulnerability Response and Disclosure Process
1. ReceiveMonitor and promptly assign received vulnerabilities2. VerifyVerify the vulnerability and confirm the exploitability and impact3. Develop SolutionProvide effective solutions or risk remediation measures4. Confirm ScopeInvestigate and confirm the scope of affected products5. Release Security AdvisoryReview and publish the security advisory (SA) for the vulnerability

Report Vulnerabilities
Please report any security vulnerabilities via email to:info@zancomobiles.comThe email should include at least the following information, ideally as an attachment in this format:

Your organization and contact information

Products and versions affected

Description of potential vulnerability

Information about known exploits

Disclosure plans

Important Note
Although we encourage the investigation of potential security breaches, we cannot tolerate any activity that may interfere with legitimate users or violate applicable computer abuse, cyber security and data protection regulations. Therefore, the following activities are prohibited:

Modification or destruction of data

Service disruption or degradation, such as DoS

Disclosure of personal, proprietary or financial information

Response Time
We will respond within 48 hours to any vulnerabilities you submit.(Actual vulnerability response time may vary depending on the risk level and complexity of the vulnerability)

Vulnerability Disclosure Instructions
When an external party discovers or is concerned about a potential vulnerability, but we have not yet fully confirmed it, we will disclose basic information about the vulnerability and our investigation via email.The vulnerability information shall be kept confidential until ‘This port‘ releases the formal security advisory to the public.When the vulnerability has been confirmed to be fixed, new firmware will be released, and a firmware update change log will be published, containing a description of the vulnerabilities that have been solved.

Product Support Policy
We strive to provide continuous security updates for our products. The security updates generally include the latest patches, vulnerability fixes, and other security improvements. We will generally maintain security updates for at least two years from the launch date of a product. However, the security update situation may vary by product, so please pay attention to our announcements.

Note: Security update policies and products are subject to change and will be reviewed on a regular basis.

Wilson

Typically replies within a day