# Security & PSIRT ### Overview The Security & PSIRT section provides information regarding security vulnerabilities, coordinated disclosure processes, and remediation guidance for EnGenius products and services. This section serves as the central reference for published security advisories and vulnerability reporting procedures. *** ### EnGenius Product Security Incident Response Team (PSIRT) The EnGenius PSIRT is responsible for receiving, investigating, and coordinating the resolution of security vulnerabilities affecting EnGenius products. A security vulnerability is defined as a weakness in software or hardware components that may negatively impact confidentiality, integrity, or availability when exploited. The EnGenius PSIRT follows coordinated disclosure practices aligned with ISO/IEC 29147:2018 guidelines. *** ### Reporting a Vulnerability Security researchers and customers may report suspected vulnerabilities directly to: **Email:** \ PGP encryption is recommended when submitting sensitive information. To protect customers and maintain responsible disclosure practices, vulnerability details should not be publicly disclosed until investigation and remediation are completed. Upon receipt of a report: * Acknowledgment is typically provided within one business day * The issue is reviewed and validated by product security engineers * Remediation planning begins if the issue is confirmed *** ### PSIRT (Product Security Incident Response Team) The EnGenius Product Security Incident Response Team (PSIRT) manages vulnerability intake, assessment, coordination, and disclosure processes. This section provides information regarding: * Vulnerability reporting procedures * Coordinated disclosure policy * Responsible disclosure expectations * Communication channels for security researchers Security-related issues should be reported through the designated security reporting contact as described in this section. *** ### Response and Remediation Confirmed vulnerabilities are prioritized based on severity, potential impact, and exposure risk. Severity scoring follows CVSS v3.1 standards. For SaaS services fully managed by EnGenius, remediation may be applied without requiring customer action. For on-premises products, fixes are delivered through firmware or software updates according to regular release schedules. In most cases, remediation is completed within established maintenance timelines. *** ### Security Advisories Security advisories are published when: * A validated vulnerability affects supported products * Customer action is required * Public disclosure is necessary Each advisory includes: * Affected products and versions * Severity classification * CVE / CWE identifiers (when applicable) * CVSS score * Mitigation or upgrade guidance Security improvements without confirmed impact may not result in public advisories. Published advisories are listed within this section. *** ### Version Validation Before applying mitigation steps: 1. Confirm the product model. 2. Verify the installed firmware or software version. 3. Review advisory applicability statements. 4. Follow the recommended corrective action. Release Notes may reference incorporated security fixes for specific versions. *** ### Confidentiality and Responsible Disclosure Access to non-public vulnerability information is restricted to authorized personnel involved in remediation. EnGenius requests that potential vulnerabilities not be shared in public forums prior to coordinated resolution and official advisory publication.