Vulnerability Disclosure Policy

Vulnerability Reporting and Response Process：

Hikvision attaches great importance on cybersecurity of its products and solution. We promise that for every problem reported, there is a specially assigned person to follow up, analyze and give feedback in time.

Hikvision supports responsible vulnerability reporting procedures, and respect the research results of every white hat, who will be welcomed to report the vulnerability to Hikvision. Hikvision request the vulnerability reporter keep the vulnerability confidential until Hikvision releases the public Security Advisory.

HSRC uses CVSSv3.1 to give the Base Score, Temporal Score and attack vector of each vulnerability in the security advisory. For the CVSSv3.1 standard, please refer to: http://www.first.org/cvss/specification-document

HSRC uses CVE (Common Vulnerability and Exposures) to quote the vulnerabilities outside of Hikvision vulnerability disclosure websites.