Zebra脆弱性開示
Zebra has established a standard practice of seeking, communicating, and addressing product security issues in a timely fashion. Vulnerability disclosure is a vital component to our Secure Through Partnership approach; enabling our customers to manage risk properly through awareness and guidance. All Zebra products security bulletins and notifications are posted to the Zebra Security Alerts webpage.
1. 報告
Zebraは、セキュリティ研究者、サードパーティコンポーネントベンダー、その他の外部グループから報告されたZebra製品/ソリューションの脆弱性をまとめた脆弱性レポートを活用しています(VDPレポートページ).
2. トリアージ
Zebra partners with the vulnerability reporter to investigate and confirm the vulnerability. Once validated, Zebra's vulnerability management team coordinates with Zebra product/solutions teams to determine the scope, severity, and appropriate actions needed to respond to the vulnerability.
3. 調整
Zebraはリスク管理を実施し、検証と改善の計画を作成します。その後、下記のいずれかの方法でお客様にお知らせします:
- LifeGuardページ
- リリースノート
- サードパーティサポート情報
- 製品マーケティング情報
4. 開示
Through coordinated vulnerability disclosure, Zebra publishes notifications to Security Alerts Page. For maximum awareness, Zebra, as appropriate, will report vulnerabilities to MITRE to have a Common Vulnerabilities and Exposures (CVE) assigned.