GeoVision's Cyber Security Policy
Security First at GeoVisionIt is the duty and responsibility of GeoVision to notify all users in cases when security concerns have been raised. GeoVision follows detailed practices to ensure the highest standards of network security are met. Whenever plausible security vulnerabilities are discovered, immediate actions are taken by devising necessary upgrades and informing users of the issues.
GeoVision is the first Taiwan tech company to be certified by TAICS (Taiwan Association of Information and Communication Standards), on 2018/11/19, to pass its Level 2 of video surveillance system security standards. As of date, it is the highest level of security any Taiwan tech company has achieved.
The latest security patches and updates are included in the latest software/firmware releases and are available at GeoVision product download page at https://www.geovision.com.tw/download/product/ provided the product is still supported by GeoVision.
Contact InformationWe encourage users to report any newly discovered vulnerability in our products by contacting our security team at email@example.com
Note: GeoVision security team will not process requests for support, feature modification requests. Such requests are processed by either our sales department or technical support.
GeoVision Vulnerability Policy
Vulnerability Management FlowFor any newly reported vulnerability in any GeoVision product, a specific team is dispatched to work with research & development and testing departments and ensure the solution is provided without generating any further risk to users.
The main general flow is designed in 4 stages:
- Solution update & follow up
Vulnerability ClassificationA vulnerability when confirmed is classified as non-critical or critical.
The class of critical would suggest high level of risk for users and GeoVision will provide an unscheduled update to fix the vulnerability and documentation to assist users on applying the update.
The Non-critical class vulnerability when not posing any risk to the recommended usage of the product is going to be solved in the normally scheduled firmware release.
Processing and Reaction TimeAny valid report sent to firstname.lastname@example.org will be responded within 48 hours and with the possibility of additional questions required for investigation.
CertificationsTAICS (Taiwan Association of Information and Communication Standards)
|Advisory ID||Advisory||CVE ID||Status||Date Published||Article|
|GV-ERM-2023-05||GV-Edge Recording Manager (Windows) Vulnerabilities||CVE-2023-23059||Completed||03-May-23||Security Advisory|
|GV-ASM-2022-11||GV-ASManager Vulnerabilities||N/A||Completed||23-Nov-22||Security Advisory|
|GV-SFW-2022-04||Notice of Spring4Shell Vulnerabilities||CVE-2022-22965||Completed||25-Apr-22||Notice of Spring4Shell Vulnerabilities|
|GV-IP-2022-04||Statement of Passwords||N/A||Completed||11-Apr-22||Statement of Passwords|
|GV-SFW-2022-01||Notice of Log4j Vulnerabilities||CVE-2021-44228, CVE-2021-45046||Completed||6-Jan-22||Notice of Log4j Vulnerabilities|
|GV-Cloud-2021-10||Notice of Security Incident||N/A||Completed||22-Oct-21||Notice of Security Incident|
|GV-IP-2021-09||IP Camera Vulnerabilities||N/A||Completed||28-Sep-21||Security Advisory|
|GV-IP-2021-07||IP Camera Vulnerabilities||N/A||Completed||27-Sep-21||Security Advisory|
|GV-ASM-2021-06||Multiple XSS Vulnerabilities||N/A||Completed||21-Jul-21||Security Advisory|