Incident Response

We attach great importance to security issues and welcome all security researchers to report potential security vulnerabilities to us to improve the security of our products and services.

Vulnerability Response and Disclosure Process

Step 1


Monitor and and assign received vulnerabilities in a timely manner

Step 2


Verify the vulnerability and confirm the exploitability and impact

Step 3

Solution Development

Provide effective fix solutions or risk remediations measures

Step 4

Affected Scope Confirmation

Investigate and confirm the complete scope of affected products

Step 5

Release SA

Review and publish the security advisory for the security vulnerability

Report Vulnerabilities

You can report vulnerabilities via email. The following are the detailed reporting method:

As the vulnerability information is extremely sensitive, we strongly recommend you NOT include private information sending to us. The email should include at least the following information: - Your contact information, anonymous email if possible - Products and versions affected - Description of the potential vulnerability - Information about known exploits - Disclosure plans - Additional information, if any

Response Time

After receiving the vulnerability you reported, we will send you vulnerability response related information within 48 hours: For vulnerabilities reported via email, we will send you a vulnerability response notice, information confirmation and feedback related to the vulnerability via email. The progress of the vulnerability's solution development will also be continuously updated through email as soon as possible. If the vulnerability is verified, we guarantee to solve the problem as long as 60 days. * Note: Actual vulnerability response time may vary depending on the risk level and complexity of the vulnerability.