Security Vulnerability Policy

Overview

A+ STEM Labs follows industry best practices in managing and responding to security vulnerabilities in our products in order to minimize customer exposure to cyber risks. There is no way to guarantee that products and services are free from flaws that can be exploited for malicious attacks. This is not specific to A+ STEM Labs, but rather a general condition for all network devices. What A+ STEM Labs can guarantee, is that we always make a concerted effort at every possible stage in order to ensure that the least risk possible is associated with your A+ STEM Labs devices and services.

A+ STEM Labs acknowledges that standardized network protocols and services may have weaknesses that may be exploited for attacks. While A+ STEM Labs cannot take responsibility for these services, we are dedicated to providing recommendations on how to reduce and eliminate risks relating to your A+ STEM Labs devices.

The latest applicable security patches are included in the latest software/firmware releases. A+ STEM Labs provides free software and firmware updates for products covered under our Software Upgrade Protection Program. These updates can be downloaded by visiting the documents download section of each product’s page on our website: www.aplusstemlabs.com.

Vulnerability Management

A+ STEM Labs classifies the severity of a vulnerability as either critical or non-critical. The classification is based on the risk for users when products are deployed, hardened and used in a recommended way. Newly discovered vulnerabilities that A+ STEM Labs classifies as non-critical will be managed in the normal scheduled firmware release cycle.

Newly discovered vulnerabilities that A+ STEM Labs classifies as critical may result in an unscheduled service release for applicable and supported firmware. A security advisory will be published at www.aplusstemlabs.com/product-security including a case description, threat/risk analysis, recommendations and A+ STEM Labs’ plan to resolve the issue.

Reporting Vulnerabilities

While A+ STEM Labs will work to limit risks associated with vulnerabilities, if you identify a security vulnerability associated with an A+ STEM Labs product or service, please report the problem immediately. Timely identification of security vulnerabilities is critical to eliminating potential threats.

End users, partners, vendors, industry groups and independent researchers who have identified a potential risk are encouraged to email product-security@aplusstemlabs.com. Please check www.aplusstemlabs.com/product-security before contacting the team as your concern may already have been processed in a security advisory.

Note: A+ STEM Labs’ product security team will not process requests for support, modified features and statements. Such requests need to be sent through the appropriate A+ STEM Labs channel, typically sales or technical support.

Technical support: www.aplusstemlabs.com/support
General: www.aplusstemlabs.com

Response Process

All valid submissions to product-security@aplusstemlabs.com will be processed and analyzed. A+ STEM Labs will reply within 48 hours with an acknowledgement and possible additional questions for investigation. Depending on severity level, A+ STEM Labs may follow up by posting further information on www.aplusstemlabs.com/product-security.

Receiving Information from A+ STEM Labs

A+ STEM Labs publishes guidelines, security advisories and statements on www.aplusstemlabs.com/product-security.

*Please note that the advice and suggestions contained in this flyer are provided for informational purposes only and should not be construed or relied upon as comprehensive or exhaustive advice on how to protect your systems from cyber vulnerabilities. A+ STEM Labs does not guarantee that any of its products are immune from a potential cyber-attack and adhering to the advice and suggestions contained in this flyer may still result in your system being subject to cyber vulnerabilities or a cyber-attack.

A+ STEM Labs Security Vulnerability Policy PDF