
Vulnerability Response Process

During the vulnerability handling process, PSIRT restricts vulnerability information to the employees involved in vulnerability response. PSIRT also asks the reporter of the vulnerability to refrain from sharing vulnerability information with others.

HiSilicon (Shanghai) provides security vulnerability information on its official website through:
Security Notice (SN):
rapidly responds to suspected vulnerabilities or security issues in HiSilicon (Shanghai) products that will be or have been disclosed to the public.
Security Advisory (SA):
informs customers of a specific vulnerability, including its severity, potential impact on services, and remediation solutions. It provides feasible vulnerability remediation solutions to computer security incident response teams (CSIRTs) of customers or equivalent organizations to support customers as they make risk-related decisions on live networks.

We have established a comprehensive vulnerability handling process based on the ISO 29147/30111 standards. The process is as follows:

Vulnerability Awareness
After receiving a vulnerability report, HiSilicon (Shanghai) PSIRT acknowledges the receipt and asks the product team to analyze the reported vulnerability.
Vulnerability Verification
HiSilicon (Shanghai) confirms potential vulnerabilities and uses the CVSSv3.1 scoring system (https://www.first.org/cvss/) to assess the risk level and determine the response priority.
Remediation Development
HiSilicon (Shanghai) develops patches and versions to remediate vulnerabilities and tests them to ensure their quality.
Publish
HiSilicon (Shanghai) generally releases remediation solutions to customers in the form of guides, patches, or software versions, and notifies customers through an SA or release notes so that customers can make risk-related decisions accordingly.
Post-Remediation Activity
HiSilicon (Shanghai) collects feedback from customers and updates remediation solutions if necessary. HiSilicon (Shanghai) TAC provides patch download, update, and Q&A services.

HiSilicon (Shanghai) makes no warranties of any kind either express or implied as to the accuracy, completeness, sufficiency, and reliability of any of the information or content contained in this website, including but not limited to warranties of non-infringement and fitness for a particular purpose. Your use or interpretation of the information provided on this website is at your own risk, and this website and its information may be changed or updated without notice.