Report Vulnerabilities

You can report vulnerabilities through Kami Security Center, Hackerone vulnerability platform, or via email. The following are the detailed reporting methods:

Mailbox

security@kamivision.com.cn

Response Time

After receiving the vulnerability you reported, we will send you vulnerability response related information within 48 hours based on the platform you used to report the vulnerability, as follows:
1) For vulnerabilities reported through the Kami Security Center or Hackerone platform, we will send you a vulnerability response notice, information confirmation and feedback related to the vulnerability through the platform's internal messaging system. The progress of the vulnerability's solution development will also be continuously updated through the corresponding platform's internal messaging system or email as soon as possible.
2) For vulnerabilities reported via email, we will send you a vulnerability response notice, information confirmation and feedback related to the vulnerability via email. The progress of the vulnerability's solution development will also be continuously updated through email as soon as possible.

* Note: Actual vulnerability response time may vary depending on the risk level and complexity of the vulnerability.

Vulnerability Disclosure Instructions

Kami discloses security vulnerabilities in its products in two ways:
- Security Advisory (SA): When the vulnerability has been confirmed, we will disclose detailed information about the vulnerability and the corresponding fix within 180 days of completing the vulnerability analysis and developing a fix plan through a SA.
- Security Notice (SN): When a potential vulnerability is discovered or noted externally, but we have not confirmed the vulnerability yet, we disclose the basic information of the vulnerability and our investigation progress through an SN.

Product support Policy overview

We do our best to providevering the brands of Kami. Thecontinuous secunty updates forsecurity updates generally include the latest security patches, security vulnerabiity fixes, and other security improvements. Typically, wewill maintain the security updates for at least 2 years after the first shipment of a certain device model.