Principles of Cybersecurity Vulnerability Management
HSGQ is committed to building a solid product cyber vulnerability response process to provide customers with reliable guidelines and solutions to minimize their cyber security risks. To this end, HSGQ has established a Product Cybersecurity Incident Response Team (PSIRT), responsible for responding to product cybersecurity incidents and possible product vulnerabilities. HSGQ has always been committed to implementing cybersecurity practices based on internationally accepted and used industry standards, continuously optimizing its cybersecurity vulnerability handling procedures and responses, and proactively supporting industrial cybersecurity to become our customers' trusted partner. We have become a reliable partner for our customers.
Product Network Security Vulnerability Management Program
HSGQ's product cyber security vulnerability management program is divided into five stages, each with specific processes and operational requirements. HSGQ strictly follows the cyber security practices below.
Initial Response: Upon receipt of an external report of a vulnerability in an HSGQ product, the PSIRT will contact the reporter for an initial response within seven business days.
Assessment and Classification: The PSIRT will analyze and classify the product cybersecurity vulnerability involved in the report to initially identify the extent to which the vulnerability affects HSGQ products. Upon completion of this phase, HSGQ will provide the preliminary assessment results to the reporter.
Investigation and Research: PSIRT will collaborate with the product development team to identify the root cause of the vulnerability, assess the extent of the vulnerability's impact on HSGQ's products, and propose solutions to mitigate the risk and remediate the vulnerability. The PSIRT will maintain active communication with the reporter during this phase.
Vulnerability Remediation: PSIRT will collaborate with product development teams to develop software/firmware remediation patches or identify risk mitigation measures. In the meantime, the PSIRT will continue to monitor information about the vulnerability to properly assess the severity of the vulnerability. If the vulnerability has a high risk rating and the time required for patch development is long, HSGQ will provide emergency mitigation measures to customers first, within 90 days.
Disclosure: PSIRT will post the results of cybersecurity vulnerabilities on the "Security Bulletins" page of the HSGQ website. The content includes: vulnerability description, potentially affected products and versions, mitigation measures, remediation plan, etc.
Using the Common Vulnerability Scoring System (CVSS) and the HSGQ Risk Vulnerability Management Model, the HSGQ PSIRT and the R&D team assess the potential risk of the cybersecurity vulnerability based on factors such as security context, the likelihood of the vulnerability being exploited, and its impact, and determine the timeline for resolving the issue accordingly. After confirming the impact of the vulnerability on HSGQ products, HSGQ will immediately set up a dedicated testing environment to assess the severity of the vulnerability and will further communicate with the vulnerability reporter if necessary. After determining the root cause of the vulnerability and the extent of its impact on HSGQ products, HSGQ will conduct remediation analysis and provide solutions or risk mitigation measures.
Identified vulnerabilities: None
For the latest security information on specific products, you can contact HSGQ via email.
If you discover a suspected vulnerability in any HSGQ product, please report it to HSGQ immediately. For HSGQ, timely detection of cybersecurity vulnerabilities is the key to minimizing product security risks. You can notify PSIRT of product cybersecurity vulnerabilities by email. Your messages and files will be encrypted using HSGQ PSIRT's HTTPS secure form. When reporting a product cybersecurity vulnerability, please provide the following information in order to improve the speed of risk assessment and development of remediation measures:
1. Product name and model number
2. Software/firmware version
3. Equipment and software required to reproduce the incident
4. Steps to reproduce the incident (if possible, please attach pictures or program code)
5. Proof-of-concept exploit code
6. Brief description of how an attacker could exploit the vulnerability
7. Packet capture of the attack process (using tools such as Wireshark)
8. Any other information you think is valuable
The site uses the HTTPS protocol to ensure that user information is encrypted in transit.
E-mail: hsgq@hsgq.com
Disclaimer
The specifics of the Cybersecurity Vulnerability Management Principles are subject to change on a case-by-case basis. We do not guarantee a response to any particular issue. Use of the information contained in this document or the content linked from this document is at your own risk, and HSGQ reserves the right to modify any of the contents of these Principles at any time without notice. If any changes are made, the revised document will be posted on the official HSGQ website: www.hsgq.com.