漏洞通報表
Vulnerability Reporting Form
晟瑞科技股份有限公司(以下簡稱「本公司」)致力於確保產品、系統及服務之資訊安全。為強化資安治理與風險管理機制,本公司建立漏洞通報制度,歡迎資安研究人員及利害關係人依據負責任揭露原則(Responsible Disclosure)通報潛在安全漏洞。
NoonSpare Energy Technology Co., Ltd. (“the Company”) is committed to ensuring the security of its products, systems, and services. To strengthen cybersecurity governance and risk management, the Company has established a vulnerability disclosure program and welcomes responsible reporting from security researchers and stakeholders.
通報方式 Submission
請將完整通報內容寄送至以下信箱,或點選按鈕直接開啟通報郵件:
Please submit the completed report to:
啟動通報郵件範本 (Start Reporting)
通報資訊格式 Information to Include
為利本公司快速調查與核實,建議您的郵件內容包含以下資訊:
一、通報者資訊 Reporter Information
- 姓名 Name
- 單位 / 公司 Organization / Company
- 電子郵件 Email
- 聯絡電話 Contact Number(選填 Optional)
二、漏洞資訊 Vulnerability Details
- 影響產品 / 系統 Affected Product / System
- 漏洞類型 Vulnerability Type(如 XSS、SQL Injection、Authentication Bypass 等)
- 嚴重程度 Severity Level(Low / Medium / High / Critical)
- 漏洞描述 Description(請詳細說明漏洞成因與影響)
三、重現步驟 Steps to Reproduce
- 請提供可重現漏洞之詳細操作步驟 Detailed steps to reproduce the issue
四、影響評估 Impact Assessment
- 潛在影響(如資料外洩、系統中斷、未授權存取等)Potential impact (e.g., data leakage, service disruption, unauthorized access)
五、附件資料 Supporting Materials
- 螢幕截圖 / 系統紀錄 / 測試程式(PoC)Screenshots / Logs / Proof of Concept
通報處理流程 Response and Handling Process
- 本公司將於合理期間內確認收件(建議為 3–5 個工作天)。
The Company will acknowledge receipt within a reasonable timeframe (typically within 3–5 business days). - 將依漏洞嚴重程度進行分級、分析與修補。
Reported vulnerabilities will be assessed, prioritized, and remediated according to severity. - 必要時將與通報者聯繫以取得補充資訊。
The Company may contact the reporter for additional information if necessary. - 漏洞修復後,將視情況通知通報者處理結果。
The Company will provide status updates when appropriate.
負責任揭露原則 Responsible Disclosure
- 漏洞修復前,請勿對外公開相關資訊。
Please do not publicly disclose vulnerabilities before remediation. - 請避免進行可能影響服務可用性或用戶資料之測試行為。
Avoid testing activities that may disrupt services or compromise user data. - 請僅於授權範圍內進行安全測試。
Security testing should be conducted only within authorized scope.
適用範圍 Scope
- 本機制適用於本公司之產品、系統及相關服務。不包含第三方服務或未經授權之系統。
This policy applies to the Company’s products, systems, and related services. Third-party systems or services not owned or operated by the Company are excluded.
善意研究聲明 Safe Harbor
在善意前提下進行之資安研究與測試行為,若符合本通報機制與相關規範,且未造成系統中斷、資料外洩或其他重大損害,本公司將不對其採取法律行動。
Security research conducted in good faith, in compliance with this policy, and without causing harm to systems, data, or users, will not result in legal action by the Company.
Security research conducted in good faith, in compliance with this policy, and without causing harm to systems, data, or users, will not result in legal action by the Company.