Security Vulnerability Policy
Overview
IPVideo Corporation follows industry best practices in managing and responding to security vulnerabilities in our products in order to minimize customer exposure to cyber risks. There is no way to guarantee that products and services are free from flaws that can be exploited for malicious attacks. This is not specific to IPVideo Corporation, but rather a general condition for all network devices. What IPVideo Corporation can guarantee, is that we always make a concerted effort at every possible stage in order to ensure that the least risk possible is associated with your IPVideo Corporation devices and services.
IPVideo Corporation acknowledges that standardized network protocols and services may have weaknesses that may be exploited for attacks. While IPVideo Corporation cannot take responsibility for these services, we are dedicated to providing recommendations on how to reduce and eliminate risks relating to your IPVideo Corporation devices.
The latest applicable security patches are included in the latest software/firmware releases. IPVideo Corporation provides free software and firmware updates for products covered under our Software Upgrade Protection Program. These updates can be downloaded by visiting the documents download section of each product’s page on our website: www.ipvideocorp.com.
Vulnerability Management
IPVideo Corporation classifies the severity of a vulnerability as either critical or non-critical. The classification is based on the risk for users when products are deployed, hardened and used in a recommended way. Newly discovered vulnerabilities that IPVideo Corporation classifies as non-critical will be managed in the normal scheduled firmware release cycle.
Newly discovered vulnerabilities that IPVideo Corporation classifies as critical may result in an unscheduled service release for applicable and supported firmware. A security advisory will be published at www.ipvideocorp.com/product-security including a case description, threat/risk analysis, recommendations and IPVideo Corporation’s plan to resolve the issue.
Reporting Vulnerabilities
While IPVideo Corporation will work to limit risks associated with vulnerabilities, if you identify a security vulnerability associated with an IPVideo Corporation product or service, please report the problem immediately. Timely identification of security vulnerabilities is critical to eliminating potential threats.
End users, partners, vendors, industry groups and independent researchers who have identified a potential risk are encouraged to email product-security@ipvideocorp.com. Please check www.ipvideocorp.com/product-security before contacting the team as your concern may already have been processed in a security advisory.
Note: IPVideo Corporation’s product security team will not process requests for support, modified features and statements. Such requests need to be sent through the appropriate IPVideo Corporation channel, typically sales or technical support.
Technical support: www.ipvideocorp.com/support
General: www.ipvideocorp.com
Response Process
All valid submissions to product-security@ipvideocorp.com will be processed and analyzed. IPVideo Corporation will reply within 48 hours with an acknowledgement and possible additional questions for investigation. Depending on severity level, IPVideo Corporation may follow up by posting further information on www.ipvideocorp.com/product-security.
IPVideo Corporation Product Portfolio Fully NDAA-Compliant
IPVideo Corporation is pleased to affirm that our entire product portfolio, which includes solutions marketed to the US government, Department of Defense (DoD) and associated contractors and affiliates, is fully NDAA-compliant.
Furthermore, IPVideo Corporation does not employ any SoC (System on Chip), or other components capable of processing software, from the banned Chinese companies. All IPVideo products use NDAA-compliant chipsets.
Receiving Information from IPVideo Corporation
IPVideo Corporation publishes guidelines, security advisories and statements on www.ipvideocorp.com/product-security.
*Please note that the advice and suggestions contained in this flyer are provided for informational purposes only and should not be construed or relied upon as comprehensive or exhaustive advice on how to protect your systems from cyber vulnerabilities. IPVideo Corporation does not guarantee that any of its products are immune from a potential cyber-attack and adhering to the advice and suggestions contained in this flyer may still result in your system being subject to cyber vulnerabilities or a cyber-attack.