Code of Practice for Consumer IoT Security
Vulnerability Disclosure Policy
As a provider of security products, we prioritize the importance of privacy and data security and treat security issues with the utmost seriousness. Our commitment is to promptly address and report any security concerns to safeguard our users. As a user of Smart Wifi products from Technical Consumer Products, your role is crucial in this collaborative effort.
How to Report Security Issues:
If you believe you’ve identified a vulnerability in any TCP Smart product or need to report a security incident, kindly contact TCP Smart here customerservice@tcpi.eu.
Upon receiving a vulnerability report, Technical Consumer Products follows a systematic process in line with ISO/IEC 30111, and all reported vulnerabilities are assessed based on the Common Vulnerability Scoring System 3.1 (CVSS) standard.
- Confidential Information Request: Technical Consumer Products requests the reporter to provide detailed and confidential information about the identified vulnerability.
- Investigation and Verification: Technical Consumer Products conducts a thorough investigation to validate the reported vulnerability.
- Fix and Verification: Technical Consumer Products addresses and fixes the vulnerability across all Technical Consumer Products Smart product lines, followed by thorough verification.
- Over-the-Air Update: Technical Consumer Products releases an OTA (over the air) update to the affected product.
- Post-Update Monitoring: Technical Consumer Products monitors the stability of the product after the update.
Acknowledgment of report receipt is confirmed within one business day, and a preliminary assessment is initiated. Within three business days, assessments are completed, and either the vulnerability is fixed, or a remediation plan is implemented.
Critical risk vulnerabilities are resolved within three business days, while high and medium risk vulnerabilities are addressed within 30 business days. Low-risk vulnerabilities are targeted for resolution within 180 business days. It’s important to note that certain vulnerabilities may be subject to environmental or hardware restrictions, and the final remediation time will be determined based on real-world considerations.
We sincerely appreciate your collaboration in providing us with the opportunity to enhance our products and services, ultimately strengthening the protection of our user.
Firmware Releases
Technical Consumer Products will consistently provide you with an enhanced experience, delivering regular updates that include the latest security patches. The timing of your update may be influenced by various factors such as your device model and operator variants. Users are advised to promptly accept all maintenance releases to ensure optimal performance.
All release information can be found here.