Longsys PSIRT Introduction


The Longsys Product Security Incident Response Team (PSIRT) is responsible for receiving, evaluating, and addressing potential security issues in Longsys products.

We define a security vulnerability as a flaw that could be maliciously exploited to compromise the confidentiality, integrity, or availability of our products. Security vulnerabilities are distinct from general quality defects, as the latter typically cannot be intentionally triggered in attack scenarios.

Longsys PSIRT encourages users, customers, security researchers, partners, and suppliers to submit vulnerability reports in accordance with international standards (e.g., ISO/IEC 29147:2018 for vulnerability disclosure and ISO/IEC 30111:2019 for vulnerability handling processes). We commit to addressing all reports with transparency and efficiency, ensuring timely remediation.

Vulnerability Reporting


Longsys is committed to the security of our products. We have established a dedicated Product Security Incident Response Team (PSIRT) responsible for receiving, evaluating, and coordinating resolutions for potential security vulnerabilities.

We pledge to adhere to international best practices, ensuring transparency and timeliness in vulnerability handling to safeguard our customers’ supply chain security.


Vulnerability Reporting Channel


If you discover an exploitable security vulnerability in Longsys products (such as privilege escalation, data leakage, firmware flaws, etc.), please submit your report through the following channel (Report Template):

Email: psirt@longsys.com (PGP encryption supported)

Reporting Requirements: Please provide detailed vulnerability information, reproducible steps (PoC), affected product models and firmware versions to facilitate efficient validation.

Disclaimer: Compliant security research activities (e.g., white-hat testing) are legally protected. However, unauthorized destructive testing is strictly prohibited.

Security Mechanisms & Process

We adhere to international standards ISO/IEC 29147 (Vulnerability Disclosure) and ISO/IEC 30111 (Vulnerability Handling) to implement rigorous security response protocols. Given the sensitive nature of vulnerability information, we recommend using Pretty Good Privacy (PGP) encryption when sending reports to psirt@longsys.com. Longsys's PGP public key is available for download (Key ID: B91F71A6D7697B74; PGP Fingerprint: 81E7 ABC1 FEFD BE93 6A1E D153 B91F 71A6 D769 7B74).

Vulnerability Assessment:

· Risk classification based on CVSS scoring (Low/Medium/High/Critical)

Remediation Coordination:

· Collaborative development of solutions with controller manufacturers and customers (including firmware updates and hardware iterations)

Verification & Closure:

· Post-remediation validation through internal testing and customer environment verification

· Security advisory publication upon completion


Exclusions:

1. Non-Longsys branded products (custom-labeled models should be reported through supply chain channels)

2. Pure functional defects (non-security related quality issues should be directed to technical support)