We encourage and welcome all security researchers, vendors and users to report possible security vulnerabilities to AIVELA. If you have discovered a potential vulnerability or other security issue with our products, please send the details of the vulnerability you have discovered via e-mail directly to the official AIVELA e-mail address support@aivela.com. In order to ensure timely response and handling, we strongly recommend that you use our designated email address for vulnerability reports, please do not send reports through other email addresses. Please ensure that your report contains the following:
● A clear and relevant title;
● The specific product model, software version, etc.;
● Vulnerability specific information and details of the impact of the issue;
● Any information that may help to reproduce or diagnose the problem.
Until we fix the vulnerability and release a security advisory, please keep any information related to the vulnerability you discover confidential. Please do not send vulnerability reports and related information to other users or companies to ensure that the vulnerability is not misused.
Response Objectives
Critical risk vulnerabilities will be fixed within 7 business days. High and medium risk vulnerabilities will be fixed within 30 business days. Low risk vulnerabilities will be fixed within 180 business days. Please note that some vulnerabilities may be subject to environmental or hardware limitations. Final timelines will be determined based on actual circumstances.
How We Handle Reported Vulnerabilities
At AIVELA, we take every vulnerability report seriously. Once a report is received, our security and engineering teams follow a clear and transparent process to ensure the issue is properly addressed and resolved.
1. Acknowledgement
We promptly acknowledge receipt of your report and confirm that it has been logged for review by our security team.
2. Customer Notification
If the reported vulnerability impacts a customer’s system or product, we inform the affected customer as soon as possible and keep them updated throughout the entire process.
3. Analysis and Assessment
Our experts verify the reported issue, evaluate its severity, determine its root cause, and assess the potential impact on our systems and customers.
4. Fix and Remediation
Once the vulnerability is confirmed, our development team works to create and implement an appropriate fix or mitigation to eliminate the issue.
5. Testing and Verification
Before releasing any update, we thoroughly test the fix to ensure that the vulnerability is fully resolved and that no new issues are introduced.
6. Release and Deployment
After successful testing, a new software or firmware version containing the fix is released. When applicable, release notes will mention that a security issue has been addressed.
7. Final Notification
Once the update is available, we notify affected customers and provide guidance on how to apply the fix or upgrade to the latest version.