KAYTUS Product Security Vulnerabilities

Overview

The KAYTUS Product Security Incident Response Team (PSIRT) is a global team that manages the receipt, investigation and internal coordination of security vulnerability information related to KAYTUS products.

KAYTUS PSIRT is a focal point for security researchers, industry groups, government organizations, and vendors to report potential KAYTUS product security vulnerabilities. This team will coordinate with KAYTUS product and solutions teams to investigate, and if needed, identify the appropriate response plan. Maintaining communication between all involved parties, both internal and external, is a key component of our vulnerability response process.

Reporting a Security Vulnerability

A security vulnerability is a defect or weakness in system design, deployment, operation or management that may be exploited to breach the system's security mechanisms.

The reporter must submit a potential security vulnerability related to KAYTUS via email. Please send an email to sec@kaytus.com, with the name of the vulnerability (such as: XX product XX vulnerability) in the subject line. The content of the email should be as detailed as possible, including:

• The name and contact information of the reporter or organization

• The products and versions affected

• How the potential vulnerability was discovered, including the process, steps, screenshots, and/or reproduction method

• Information about known exploits

• Recommendations for a possible fix for the potential vulnerability

A member of the KAYTUS PSIRT will review your e-mail and contact you to collaborate on resolving the issue. For more information on how KAYTUS works to resolve security issues, see Vulnerability handling guidelines.

KAYTUS Vulnerability Handling Process

Security vulnerabilities in KAYTUS products are actively managed through a well-defined process. The process consists of 5 key steps:

Reception: The process begins when the KAYTUS PSIRT becomes aware of a potential security vulnerability in a KAYTUS product. Depending on the nature and effect of the potential vulnerability, KAYTUS PSIRT notifies the appropriate KAYTUS product teams for analysis, and the vulnerability is then categorized accordingly.

Analysis: KAYTUS PSIRT attempts to reproduce the issue to verify whether it is a vulnerability. After the initial analysis, the vulnerability undergoes further investigation by KAYTUS PSIRT to determine the underlying cause and possible methods of exploitation. The appropriate product team completes the remediation plan for the vulnerability, taking into consideration the affected versions.

Solution: The product team develops a solution that mitigates the reported security vulnerability. Solutions take different forms depending on the vulnerability, such as product upgrades, patches or product documentation. In cases where a vulnerability is being actively exploited, KAYTUS may deliver a temporary solution to contain the issue while working on the full solution. Before the solution is published, all flaws (security related or not) are verified, and treated and fixed when applicable.

Communication: Once the remediation is available, KAYTUS intends to notify the affected customers about the vulnerability, either through targeted communications or by issuing a public Security Bulletin. KAYTUS PSIRT discloses security vulnerabilities in two forms:

Security Advisory (SA): Provides information about security vulnerabilities identified in KAYTUS products, including any fixes, workarounds or other actions.

Security Notice (SN): Provides information of general interest about security topics related to KAYTUS products or the use of KAYTUS products.

Feedback: In the last stage of the process, KAYTUS PSIRT shares its findings with our Engineering team(s) to help minimize similar vulnerabilities in future KAYTUS offerings.

Throughout the vulnerability handling process, our PSIRT strictly ensures that vulnerability information is transferred only between relevant handlers. We sincerely ask that you keep the information confidential until a complete solution is available to our customers.

Acknowledgment

To express our sincere gratitude to vulnerability reporters, KAYTUS PSIRT has established a vulnerability discovery reward plan. We welcome security researchers around the world to report security vulnerabilities.

Need product support?

The sec@kaytus.com e-mail address should only be used for reporting security issues.

If you:

• Have questions about the security features of a KAYTUS product

• Require technical support

• Want product updates or patches

please visit the Support Center.