PSIRT
Our Product Security Efforts
Our Motto:
“Customer safety and security is paramount. We are proactively improving product security and are quick to address critical vulnerabilities.”
Our Process:
Continuous upgrades to our products, systems and services are implemented throughout our products’ life cycles and released as needed through our product webpage. Upgrades are done using our four-step process.
1. Product Development
We use ISO internationally recognized standards for quality product development to ensure our products meet or exceed the requirements of our customers. Our products are subject to third-party testing and static/dynamic code analysis.
2. Open Reporting
When a product issue is reported, we will access the vulnerability, develop a solution and release a software or firmware patch through our webpage.
We will add information here about vulnerabilities and updated software/firmware discovered by well-intentioned researchers and ourselves. Frequently check this site if there is an available software/firmware update of the products.
Security Advisories
SBOMs are becoming increasingly important for supply chain risk management, and we have been managing SBOMs in our own format long before a standard SBOM format was established. We disclose SBOMs along with software/firmware from products for which the standard format SBOM is ready.
3. Vulnerability Testing
Although we know it is impossible to develop a product with no vulnerabilities, we do our best to make sure that our products are thoroughly tested before we release them to the market. For our hardware, this means thousands of hours of rigorous testing to make sure our cameras meet specifications. For our software and firmware, we have an expert team that analyzes the code for vulnerabilities prior to release. This includes a third-party analysis of the code and static/dynamic testing of our software and firmware.
4. Post-sales Support
Buying a product from us is just the beginning of our relationship. If there are vulnerabilities or issues found in the code of our devices, then we will repeat the above steps to remediate the vulnerability and release updated software.
We will continue to provide support for a sufficient period of time even after production is discontinued.
Firmware/software support policy for discontinued i-PRO products
If you have discovered an undisclosed vulnerability in our products, Please report it to the following address.
i-PRO Product Security Incident Response Team
The Vulnerability Response Policy is as follows.
Vulnerability Response Policy