Login Shop

Calterah Product Security Incident Response Team (PSIRT) is responsible for accepting and responding to security vulnerability reports with regard to Calterah products.

Security vulnerability report handling process

The process of handling submitted security vulnerability reports is as follows:

  • Calterah acknowledges your report and processes it.
  • Calterah evaluates the risk and impact of the reported vulnerability.
  • Calterah takes actions to mitigate the verified vulnerability.
  • Calterah discloses product vulnerabilities in the section Past vulnerability disclosure list, if appropriate.

Scope of security incidents

Calterah PSIRT handles the following cases:

  • Security incidents involving Calterah products
  • Flaws in security-related Calterah documents
  • Security-related Calterah documents or information found in places where they should not be
  • Security-related Calterah products found in places where they should not be

Report a security vulnerability

Calterah encourages you to send a report if you discover a potential security vulnerability related to Calterah products. You can report the potential security vulnerability to Calterah PSIRT at psirt@calterah.com. We strive to respond within one business day. Please report in English or Chinese, and provide the following information to help us perform a technical analysis of the vulnerability:

  • Calterah hardware or software products potentially affected (including versions or revisions)
  • How and when the potential vulnerability was discovered, and by whom
  • Technical descriptions of the potential vulnerability
  • Technical descriptions of the attack path
  • Proposed mitigations or helpful suggestions
  • Your contact information, e.g. email address, so that Calterah is able to ask any necessary follow-up questions

Vulnerability information is extremely sensitive. Calterah PSIRT strongly recommends encrypting security vulnerability reports before submission, using the PSIRT PGP/GPG key:

  • Fingerprint: E95F 7D0B 6088 0E83 7F3B 4622 6DAB 53B1 39D9 3A00
  • Public key file

You can use the following software to read and author PGP/GPG-encrypted messages:

Past vulnerability disclosure list

None

Download