Public Feedback Interface
Security researchers can notify boAt of security vulnerabilities in devices.
boAt official website : https://www.boat-lifestyle.com
Contact of boAt’s security department : firstname.lastname@example.org
Security Report From Independent Security Expert
boAt has signed a partnership with a Security Corporation, which will provide a security test report for boAt’s devices.
Software Vulnerability Monitoring
Monitor the public information of the following websites through regular and continuous monitoring.
Software Maintenance Update Strategy
There will be monitoring of version updates for third-party components. This will be followed by updating to the latest version to avoid the existence of known vulnerabilities. Mending for severity vulnerabilities will be bundled in existing updates.
When any vulnerability is identified, update the firmware as follows:
- Vulnerabilities are identified by customers, users, etc.
- A security related review meeting must be held immediately and the corresponding solution should be presented. The participants of the meeting must include project development manager, Technical Director and outside party who is responsible for firmware development. CVSSv2 will be used as a reference standard for assessing and prioritizing vulnerability/vulnerabilities.
- Based on the proposed solution, the developer shall perform specific implementation/implementations.
- Code will be reviewed. Reviewers should include security technology manager and project development.
- Release of the updated firmware.
- The QA team tests the updated firmware. If there are any problems in the updated firmware, go back to step three. If the testing is successful, move to step seven.
- Updated code is merged into trunk branch.
- The project manager notifies customers that they need to update the software and get confirmation from the customer/customers on the upgrade.
- Perform OTA on the corresponding project.