• Home

  • Documents

  • Merit LILIN Application Note LILIN Application Note LILIN Vulnerability Policy Document...
2
Merit LILIN Application Note LILIN Vulnerability Policy Document NumberA00135 Date2018/6/29 Dept: Technical Support, Taipei 1. Overview LILIN are dedicated to protecting our customers against cyber security attacks on our network cameras, network video recorders & VMS products. LILIN regularly review, investigate, report & implement against cyber security vulnerabilities in our products. LILIN’s cyber security assurance team has been formed to manage cyber security threats throughout the lifecycle of its products; including design, development, verification, manufacturing and service phases. LILIN are constantly reviewing and enhancing our cyber security efforts to provide our valued customers with the highest quality, safe and reliable products. LILIN cannot protect standardized network protocols and services from cyber-attacks, however we are committed to help minimize and prevent such events from occurring on LILIN products within our customers networks. For the latest LILIN software and firmware updates, please visit this web site . The latest firmware fixes or software patches are maintained at the site. 2. Vulnerability management LILIN are always working on maintaining the highest level of security for our products and customers. LILIN conducts product security maintenance throughout the product’s life cycle. In short, the vulnerability management is described below: Risk analysis and assessment of vulnerabilities with reference to the CVSS 3.0 Security guidance throughout development by CIA-AAA (confidentiality, integrity, availability, authentication, authorization & accounting) Secure programming guidance and FIPS 140-2 for sensitive data protection & cryptography Vulnerability and open ports scanning in the testing phase Third-party vulnerability auditing for LILIN products by our security partner Deloitte Taiwan Security controls and checkpoints for software/firmware releasing, loading and storing Based on the risks reported and discovered, we classify the severity of vulnerabilities as either critical or non-critical. The process for identifying a security vulnerability is discover, analyze, prioritize, remediate & track. LILIN release firmware updates on a regular basis to address bug fixes and non-critical vulnerabilities that are found in our products. Occasionally, there may be a critical vulnerability discovered that leaves our devices vulnerable to attack. LILIN will focus its priorities to fix this issue immediately outside of the

Merit LILIN Application Note LILIN Application Note LILIN Vulnerability Policy Document Number:A00135 Date:2018/6/29 Dept: Technical Support, Taipei 1. Overview LILIN are dedicated

Embed Size (px)

Citation preview

Page 1: Merit LILIN Application Note LILIN Application Note LILIN Vulnerability Policy Document Number:A00135 Date:2018/6/29 Dept: Technical Support, Taipei 1. Overview LILIN are dedicated

Merit LILIN Application Note

LILIN Vulnerability Policy

Document Number:A00135

Date:2018/6/29

Dept: Technical Support, Taipei

1. Overview LILIN are dedicated to protecting our customers against cyber security attacks on our network cameras,

network video recorders & VMS products. LILIN regularly review, investigate, report & implement against

cyber security vulnerabilities in our products.

LILIN’s cyber security assurance team has been formed to manage cyber security threats throughout the

lifecycle of its products; including design, development, verification, manufacturing and service phases.

LILIN are constantly reviewing and enhancing our cyber security efforts to provide our valued customers

with the highest quality, safe and reliable products.

LILIN cannot protect standardized network protocols and services from cyber-attacks, however we are

committed to help minimize and prevent such events from occurring on LILIN products within our

customers networks.

For the latest LILIN software and firmware updates, please visit this web site. The latest firmware fixes or

software patches are maintained at the site.

2. Vulnerability management

LILIN are always working on maintaining the highest level of security for our products and customers.

LILIN conducts product security maintenance throughout the product’s life cycle.

In short, the vulnerability management is described below:

Risk analysis and assessment of vulnerabilities with reference to the CVSS 3.0

Security guidance throughout development by CIA-AAA (confidentiality, integrity, availability,

authentication, authorization & accounting)

Secure programming guidance and FIPS 140-2 for sensitive data protection & cryptography

Vulnerability and open ports scanning in the testing phase

Third-party vulnerability auditing for LILIN products by our security partner Deloitte Taiwan

Security controls and checkpoints for software/firmware releasing, loading and storing

Based on the risks reported and discovered, we classify the severity of vulnerabilities as either critical or

non-critical. The process for identifying a security vulnerability is discover, analyze, prioritize, remediate

& track.

LILIN release firmware updates on a regular basis to address bug fixes and non-critical vulnerabilities that

are found in our products. Occasionally, there may be a critical vulnerability discovered that leaves our

devices vulnerable to attack. LILIN will focus its priorities to fix this issue immediately outside of the

http://www.meritlilin.com/en/support/file/type/Firmware
Page 2: Merit LILIN Application Note LILIN Application Note LILIN Vulnerability Policy Document Number:A00135 Date:2018/6/29 Dept: Technical Support, Taipei 1. Overview LILIN are dedicated

regular schedule and release a firmware fix for the vulnerable device.

3. Reporting suspected security vulnerabilities We encourage and welcome you report any cyber security vulnerabilities found in LILIN products to help

us to resolve & eliminate these threats. Please contact us at [email protected] or raise a ticket at

lilin.zendesk.com to report a vulnerability or other security concern.

LILIN will disclose and notify customers of any vulnerability found and of the resolution at LILIN Security

Bulletins.

4. Response process LILIN has established the Product Security Incident Response Team (PSIRT) committee to analyze all

submissions of vulnerabilities to [email protected] or lilin.zendesk.com.

LILIN PSIRT uses version 3.0 of the Common Vulnerability Scoring System (CVSS) as part of its standard

process of evaluating reported potential vulnerabilities in LILIN products.

LILIN PSIRT will endeavor to reply within 72 hours & if needed, will ask questions to help in identifying a

solution.

5. Receiving information from LILIN

LILIN have published this policy on LILIN Vulnerability Policy.

Subscribe to our product news and updates via the LILIN web site.

We also encourage users to take advantage of our many online resources:

Subscribe to LILIN news.

LILIN Downloads: With useful materials, such as brochures, firmware/software updates.

LILIN Support: Report any support issue via lilin.zendesk.com.

6. Security third-parties LILIN strive to provide our customers with the highest level of product security. To do so, LILIN have

partnered with the third-party, Deloitte Taiwan, for product vulnerability auditing and checking. LILIN are also

partnerded with TAICS for the latest network product security standards.

Contact

Contact lilin.zendesk.com for technical support.

mailto:[email protected]
https://www.meritlilin.com/security/
https://www.meritlilin.com/security/
mailto:[email protected]
lilin.zendesk.com
https://www.meritlilin.com/security/
https://www.meritlilin.com/en/news/subscribe
https://www.meritlilin.com/en/support/file/type/Firmware
https://www.meritlilin.com/en/support/file/type/6
lilin.zendesk.com
https://www2.deloitte.com/tw/en.html
https://www.taics.org.tw/eng/

Application Note 179 - University of Michigan DAI0179B Application Note 179 Cortex

Application Note 179 - University of Michigan DAI0179B Application Note 179 Cortex

Documents
lampu lilin

lampu lilin

Documents
Lilin Dental1

Lilin Dental1

Documents
Lilin Downhole Motor

Lilin Downhole Motor

Documents
Application Note AN018 - Trinamic · Application Note: TMC429 & TMC24x ... spo = 0x80000000 | (i

Application Note AN018 - Trinamic · Application Note: TMC429 & TMC24x ... spo = 0x80000000 | (i

Documents
PROGRAMMABLE CLOCK APPLICATION APPLICATION NOTE NOTE AN-234

PROGRAMMABLE CLOCK APPLICATION APPLICATION NOTE NOTE AN-234

Documents
Application Note 15 - Microchip Technologyww1.microchip.com/downloads/en/AppNotes/Practical...March 2001 1 Application Note 15 Application Note 15 Micrel Application Note 15 Practical

Application Note 15 - Microchip Technologyww1.microchip.com/downloads/en/AppNotes/Practical...March 2001 1 Application Note 15 Application Note 15 Micrel Application Note 15 Practical

Documents
LILIN DENTAL.ppt

LILIN DENTAL.ppt

Documents
Membuat Lilin

Membuat Lilin

Documents
Pembuatan Lilin

Pembuatan Lilin

Documents
TMEB8704 RFID Application Kit Application Note

TMEB8704 RFID Application Kit Application Note

Business
Merit LILIN Application Note Control4 & LILIN Integration ... · Merit LILIN Application Note Control4 & LILIN Integration for LPR/ANPR via LILIN Navigator Document Number :A00103

Merit LILIN Application Note Control4 & LILIN Integration ... · Merit LILIN Application Note Control4 & LILIN Integration for LPR/ANPR via LILIN Navigator Document Number :A00103

Documents
LILIN Device Cloud User Manual...For accessing LILIN DeviceHub on a PC, download LILIN IPScan. IPScan is able to scan LILIN DeviceHub. IPScan is able to scan LILIN DeviceHub. Double

LILIN Device Cloud User Manual...For accessing LILIN DeviceHub on a PC, download LILIN IPScan. IPScan is able to scan LILIN DeviceHub. IPScan is able to scan LILIN DeviceHub. Double

Documents
LILIN IR IP Camera User Manual Page1...LILIN Universal ActiveX Control ..... 5 LILIN HTTP API

LILIN IR IP Camera User Manual Page1...LILIN Universal ActiveX Control ..... 5 LILIN HTTP API

Documents
Application Note - NXP Semiconductors · AN10609_2 PN532 application note, C106 appendix Rev. 1.0 — March 10, 2008 Application note. Document information

Application Note - NXP Semiconductors · AN10609_2 PN532 application note, C106 appendix Rev. 1.0 — March 10, 2008 Application note. Document information

Documents
Application Note

Application Note

Documents
Lilin Dvr316 Manual

Lilin Dvr316 Manual

Documents
(5) Kisah 4 Lilin

(5) Kisah 4 Lilin

Documents
Nicolay Lilin - Educacion Siberiana

Nicolay Lilin - Educacion Siberiana

Documents
Lilin Magazine # Agustus 2014

Lilin Magazine # Agustus 2014

Documents
Application Note 150 · Spectrum Analysis Basics Application Note 150

Application Note 150 · Spectrum Analysis Basics Application Note 150

Documents
Kisah Lilin Harapan

Kisah Lilin Harapan

Documents
Kisah Empat Lilin

Kisah Empat Lilin

Education
Lilin Dental Pada GTSL

Lilin Dental Pada GTSL

Documents
AN2659 Application note - STMicroelectronics · Application note STM8 in-application programming (IAP) using a customized user-bootloader Introduction This application note is intended

AN2659 Application note - STMicroelectronics · Application note STM8 in-application programming (IAP) using a customized user-bootloader Introduction This application note is intended

Documents
Empat Lilin

Empat Lilin

Documents
Lilin Kecil_ Titrasi Permanganometri.pdf

Lilin Kecil_ Titrasi Permanganometri.pdf

Documents
Kisah 4 lilin

Kisah 4 lilin

Documents
Lilin-Lilin Kecilmembers.tjc.org/sites/en/id/ga documents/lilin protestan.pdfyang didapat penulis dari Tuhan dan keahlian penulis dalam menyajikan renungan-renungan ini menjadikan

Lilin-Lilin Kecilmembers.tjc.org/sites/en/id/ga documents/lilin protestan.pdfyang didapat penulis dari Tuhan dan keahlian penulis dalam menyajikan renungan-renungan ini menjadikan

Documents
Navigator User Manual - LILIN

Navigator User Manual - LILIN

Documents