漏洞揭露政策
Vulnerability Disclosure Policy (VDP)
一、政策聲明 (Policy Statement)
晟瑞科技股份有限公司致力於確保產品、系統與服務之資訊安全與穩定運行。我們採用「負責任揭露(Responsible Disclosure)」原則,並建立正式漏洞通報機制,以持續強化資安防護能力。歡迎資安研究人員及利害關係人協助通報潛在安全漏洞。
NoonSpare Energy Technology Co., Ltd. is committed to ensuring the security and reliability of its products, systems, and services. We follow a Responsible Disclosure approach and have established a formal vulnerability disclosure program to continuously enhance our cybersecurity posture. We welcome security researchers and stakeholders to report potential vulnerabilities.
二、不究責聲明 (Safe Harbor)
若您基於善意進行資安研究,並符合以下原則,本公司承諾不對您採取法律行動:
If you conduct security research in good faith and adhere to the following principles, the Company will not pursue legal action:
- 不影響系統可用性、穩定性或使用者資料安全。
No disruption to system availability, stability, or user data. - 於漏洞修復前不公開相關細節。
No public disclosure prior to remediation. - 遵守相關法律法規及本政策規範。
Compliance with applicable laws and this policy.
三、通報範疇 (Scope)
本政策適用於由晟瑞科技開發、營運或維護之產品與服務,包括:
This policy applies to products and services developed, operated, or maintained by NoonSpare, including:
- 硬體設備:具備網路連線功能之設備(如 Ethernet、Wi-Fi、Bluetooth)。
Hardware: Devices with network connectivity (e.g., Ethernet, Wi-Fi, Bluetooth). - 軟體系統:韌體、管理平台(Web / App)及相關系統。
Software: Firmware, management platforms (Web/App), and related systems. - 雲端服務:與產品連線之雲端平台與 API。
Cloud Services: Cloud platforms and APIs associated with our products.
四、通報與處理流程 (Reporting and Response Process)
- 本公司將於合理期間內確認通報(通常為 3–5 個工作天)。
The Company will acknowledge receipt within a reasonable timeframe (typically within 3–5 business days). - 依漏洞嚴重程度進行分析、分級與修補。
Reported vulnerabilities will be assessed, prioritized, and remediated according to severity. - 必要時將與通報者聯繫以取得補充資訊,漏洞修復後,將視情況提供處理結果回覆。
The Company may contact the reporter for additional information if necessary and will provide updates when appropriate.
五、通報方式 (Submission)
如發現潛在漏洞,請透過以下方式通報:
If you identify a potential vulnerability, please report it via:
前往線上漏洞通報表 (Online Form)
六、負責任揭露原則 (Responsible Disclosure)
- 漏洞修復前請勿公開揭露相關資訊。
Please do not publicly disclose vulnerabilities before remediation. - 請避免進行可能影響系統或服務之測試行為。
Avoid testing activities that may impact systems or services. - 請僅於合法及授權範圍內進行安全測試。
Security testing should be conducted within legal and authorized boundaries only.
七、免責事項 (Disclaimer)
本網站所提供之資訊係以「現狀」提供,本公司不對其完整性、即時性或適用性提供任何明示或暗示之保證。本公司保留隨時修改或終止網站內容與服務之權利,且不對因第三方行為或不可抗力因素所造成之損害負責。使用者應依指示安裝安全更新,未更新所產生之風險由使用者自行承擔。
All information is provided on an “as is” basis without warranties of completeness, timeliness, or fitness for a particular purpose. The Company reserves the right to modify or discontinue services at any time and shall not be liable for damages caused by third parties or external factors. Users are responsible for applying security updates, and risks arising from failure to do so shall be borne by the user.