Aivres Product Security Incident Response

Overview

Aivres is dedicated to providing secure and reliable products and services. Our goal is to provide customers with the information, guidance, and risk mitigation strategies necessary to address vulnerabilities in a timely manner.

Aivres believes that establishing relationships with security researchers and promoting security research are integral parts of our commitment to security first. We encourage security researchers to collaborate with us by proactively reporting security vulnerabilities related to Aivres products to the Aivres Product Security Incident Response Team (PSIRT). The Aivres PSIRT is responsible for coordinating the response and disclosure.

Reporting a Security Vulnerability

A security vulnerability is a defect or weakness in the design, deployment, operation, or management of a system that may be exploited to breach the system's security mechanisms.

Reporters must submit potential security vulnerabilities related to Aivres via email. Please send an email to serversupport@aivres.com, with the name of the vulnerability in the subject line. Please encrypt your email using our PGP public key (key ID 0x29B68890). The content of the email should be as detailed as possible, including:

  • The name and contact information of the reporter or organization
  • The products and versions affected
  • How the potential vulnerability was discovered, including the process, steps, screenshots, and/or reproduction method
  • Information about known exploits
  • Recommendation for a possible fix for a potential vulnerability

The Aivres PSIRT processes reported potential security vulnerabilities in accordance with the Vulnerability Response Process. For more information on how Aivres addresses security issues, please refer to the Vulnerability Response Process.

Aivres Vulnerability Handling Process

1. Vulnerability Intake

Proactively monitor and receive reports of potential security vulnerabilities and issues. The Aivres PSIRT will respond to the reporter within 7 calendar days of receiving the report.

2. Vulnerability Validation

Conduct technical validation of the reported information. If the vulnerability affects company products, assess the risk and determine the severity level.

Scoring: The Aivres PSIRT uses the Common Vulnerability Scoring System (CVSS) to score vulnerabilities.

Termination: The response process will be terminated if the vulnerability is a duplicate, benign, unverifiable, or affects a product that has reached its End-of-Life (EOL).

3. Remediation

Develop risk mitigation or fix solutions, verify the effectiveness of the remediation, and release product upgrades or patches.

4. Disclosure

Upon completion of the fix, publish vulnerability information to the public or affected users via channels such as the company website and mailing lists.

Aivres PSIRT discloses security vulnerabilities through two primary channels:

Security Advisory (SA): Provides detailed information regarding security vulnerabilities identified in Aivres products, including available fixes, workarounds, and recommended actions.

Security Notice (SN): Provides information of general interest concerning security topics related to Aivres products or their usage.

5. Tracking

Monitor the status of the fix and the stability of the product or service. Collect customer feedback and suggestions, and make further improvements to the fix or preventive measures as necessary. The vulnerability response process concludes when the fix is complete and product/service stability is not compromised.

Confidentiality & Coordination

Throughout the entire vulnerability response lifecycle, the Aivres PSIRT strictly controls the scope of information, limiting it to personnel directly involved in the remediation. We also require reporters to maintain strict confidentiality regarding the vulnerability until Aivres issues a public security advisory.

Need product support?

Whether you have inquiries about an Aivres product’s security features, require technical assistance, or need updates and patches, please visit the Support Center.