There will be monitoring of version updates for third-party components. This will be followed by updating to the latest version to avoid the existence of known vulnerabilities. Mending for severity vulnerabilities will be bundled in existing updates.
When any vulnerability is identified, update the firmware as follows:
- Vulnerabilities are identified by customers, users, etc.
- A security related review meeting must be held immediately and the corresponding solution should be presented. The participants of the meeting must include project development manager, Technical Director and outside party who is responsible for firmware development. CVSSv2 will be used as a reference standard for assessing and prioritizing vulnerability/vulnerabilities.
- Based on the proposed solution, the developer shall perform specific implementation/implementations.
- Code will be reviewed. Reviewers should include security technology manager and project development.
- Release of the updated firmware.
- The QA team tests the updated firmware. If there are any problems in the updated firmware, go back to step three. If the testing is successful, move to step seven.
- Updated code is merged into trunk branch.
- The project manager notifies customers that they need to update the software and get confirmation from the customer/customers on the upgrade.
- Perform OTA on the corresponding project.