Cyber Security

GeoVision's Cyber Security Policy


Overview

Security First at GeoVision

It is the duty and responsibility of GeoVision to notify all users whenever security concerns are raised. GeoVision follows detailed practices to ensure the highest standards of network security are met. Whenever plausible security vulnerabilities are discovered, immediate action is taken by devising the necessary upgrades and informing users of the issues.

GeoVision is the first Taiwan tech company to be certified by TAICS (Taiwan Association of Information and Communication Standards), passing Level 2 of its video surveillance system security standards on 2018/11/19. To date, it is the highest level of security any Taiwan tech company has achieved.

The latest security patches and updates are included in the latest software/firmware releases and are available on the GeoVision product download page at https://www.geovision.com.tw/download/product/, provided the product is still supported by GeoVision.
 

Contact Information

We encourage users to report any newly discovered vulnerability in our products by contacting our security team at security@geovision.com.tw.

Note: The GeoVision security team does not process support requests or feature modification requests. Such requests are handled by either our sales department or technical support.
 

GeoVision Vulnerability Policy

Vulnerability Management Flow

For any newly reported vulnerability in any GeoVision product, a specific team is dispatched to work with the research & development and testing departments to ensure that a solution is provided without creating any further risk to users.

The general flow consists of 4 stages:
  • Discover
  • Analyze
  • Prioritize
  • Solution update & follow up
 

Vulnerability Classification

Once confirmed, a vulnerability is classified as non-critical or critical.

The critical class indicates a high level of risk for users. GeoVision will provide an unscheduled update to fix the vulnerability, along with documentation to assist users in applying the update.

A non-critical vulnerability, when it poses no risk to the recommended usage of the product, will be fixed in the normally scheduled firmware release.
 

Processing and Reaction Time

Any valid report sent to security@geovision.com.tw will receive a response within 48 hours, possibly with additional questions required for the investigation.
 

Certifications

TAICS (Taiwan Association of Information and Communication Standards)
   

Security Advisory

| Advisory ID | Advisory | CVE ID | Status | Date Published | Article |
|---|---|---|---|---|---|
| GV-ERM-2023-05 | GV-Edge Recording Manager (Windows) Vulnerabilities | CVE-2023-23059 | Completed | 03-May-23 | Security Advisory |
| GV-ASM-2022-11 | GV-ASManager Vulnerabilities | N/A | Completed | 23-Nov-22 | Security Advisory |
| GV-SFW-2022-04 | Notice of Spring4Shell Vulnerabilities | CVE-2022-22965 | Completed | 25-Apr-22 | Notice of Spring4Shell Vulnerabilities |
| GV-IP-2022-04 | Statement of Passwords | N/A | Completed | 11-Apr-22 | Statement of Passwords |
| GV-SFW-2022-01 | Notice of Log4j Vulnerabilities | CVE-2021-44228, CVE-2021-45046 | Completed | 6-Jan-22 | Notice of Log4j Vulnerabilities |
| GV-Cloud-2021-10 | Notice of Security Incident | N/A | Completed | 22-Oct-21 | Notice of Security Incident |
| GV-IP-2021-09 | IP Camera Vulnerabilities | N/A | Completed | 28-Sep-21 | Security Advisory |
| GV-IP-2021-07 | IP Camera Vulnerabilities | N/A | Completed | 27-Sep-21 | Security Advisory |
| GV-ASM-2021-06 | Multiple XSS Vulnerabilities | N/A | Completed | 21-Jul-21 | Security Advisory |