Vulnerability Disclosure Policy
As a provider of security products we take security issues very seriously and recognize the importance of privacy and data security. We are committed to addressing and reporting security issues to protect users. Whether you’re a user of Anker security products, a software developer, or simply a security researcher, you’re an important part of this process.
How To Report Security Issues:
If you believe you have discovered a vulnerability in a Anker Security product or have a security incident to report, please fill out the vulnerability report form.
When we receive a vulnerability report, Anker takes a series of steps to address the issue internally, referring to ISO/IEC 30111. All reported vulnerabilities are scored according to the Common Vulnerability Scoring System 3.1 (CVSS) standard.
Step 1: Anker requests the reporter provide confidential detailed information of the vulnerability.
Step 2: Anker investigates and verifies the vulnerability.
Step 3: Anker fixes the vulnerability and verifies the fix across Anker Security product lines.
Step 4: Anker releases an OTA (over the air) update to the Anker Security product.
Step 5: Anker monitors the stability of the Anker security product after the update.
Report receipt will be confirmed within 1 business day and a preliminary assessment will take place. Within 3 business days assessments will be complete and the vulnerability will be fixed or will have a remediation plan in place.
Critical risk vulnerabilities will be fixed within 3 business days.
High and medium risk vulnerabilities will be fixed within 30 business days.
Low risk vulnerabilities will be fixed within 180 business days.
Note, some vulnerabilities are subject to environment or hardware restrictions. Final remediation time will be determined according to the real-world situation.
We greatly appreciate anyone who can give us a chance to improve our products and services, and better protect our users.
Thank you for working with us through the above process.