We provide comprehensive support for your business growth, including online assistance, document sharing, and more.
During the whole process, PSIRT will strictly control the scope of information distribution amongst employees relevant to the vulnerability response. Meanwhile, PSIRT will also request the vulnerability reporter keep the vulnerability confidential until Huawei releases the public Security Advisory (SA)
Huawei uses two methods to disclose the security vulnerabilities:
When we release the public SA in the official website , we may also release the SA in text format on security forums, vulnerability database or email lists, however only The official Huawei website will be kept up-to-date with the current information
PSIRT uses CVSSv2 to give the Base Score, Temporal Score and attack vector of each vulnerability in the SA. The Environmental Score will be given by the customer based on their own environment. For the CVSSv2 standard, please refer to: http://nvd.nist.gov/cvss.cfm?vectorinfo&version=2
Huawei uses CVE (Common Vulnerability and Exposures) to quote the vulnerabilities outside of Huawei vulnerability disclosure websites.
Huawei PSIRT will release the summary of security Bulletin on the second Wednesday of each month.