Report a Vulnerability
Shenzhen JimiIoT&Concox Co., Ltd. is not only your location service solution provider, but also your loyal and reliable partner. JimiIoT&Concox attaches great importance to the personal privacy security of users and partners, and strives to reduce the risk of security vulnerabilities in products.We will provide you with timely and appropriate risk mitigation guidance by analyzing the vulnerabilities that have been discovered. JimiIoT&Concox invites you to find these risks together and jointly maintain our information security.
If you believe you have discovered a vulnerability in JimiIoT&Concox product or have a security incident to report, please fill out the vulnerability report form.
After receiving the vulnerability report, JimiIoT&Concox will take the following actions:
Step 1: quickly confirm your report within 1 working day.
Step 2: Investigate and verify the report, keep communicating with you.
Step 3: Fix the vulnerability and verify it on similar products.
Step 4: Publish product software updates via OTA (over the air).
Step 5: Monitor the stability of related products after applying OTA.
Report receipt will be confirmed within 1 business day and a preliminary assessment will take place. Within 3 business days assessments will be complete and the vulnerability will be fixed or will have a remediation plan in place.
Critical risk vulnerabilities will be fixed within 3 business days.
High and medium risk vulnerabilities will be fixed within 30 business days.
Low risk vulnerabilities will be fixed within 60 business days.
Note, some vulnerabilities are subject to environment or hardware restrictions. Final remediation time will be determined according to the real-world situation.
We greatly appreciate anyone who can give us a chance to improve our products and services, and better protect our users. During the discovery and repair of vulnerabilities, JimiIoT&Concox needs your assistance to make every effort to avoid infringement of user privacy, user experience degradation, service system interruption and data destruction. Please keep all the information of the discovered vulnerabilities confidential and do not disclose it to the third parties.
After ensuring that the vulnerability has been properly repaired, we will disclose it on the JimiIoT&Concox website as appropriate.
Thank you for working with us through the above process.