SOLARMAN Security Center —— Incident Response

Vulnerability Response and Disclosure Process

Recipient:: Monitor and and assign received vulnerabilities in a timely manner

Verification:: Verify the vulnerability and confirm the exploitability and impact

Solution Development:: Provide effective fix solutions or risk remediations measures

Affected Scope Confirmation:: Investigate and confirm the complete scope of affected products

Affected Scope Confirmation:: Review and publish the security advisory for the security vulnerability

Report Vulnerabilities

You can report the discovered security vulnerabilities of SOLARMAN smart hardware products through the following method.

Mailbox

security@solarmanpv.com

The email should include at least the following information:

- Your organization and contact information
- Products and versions affected
- Description of the potential vulnerability
- Information about known exploits
- Disclosure plans
- Additional information, if any

Attention Although we encourage investigation of potential security breaches, we cannot tolerate any activity that may interfere with legitimate users or may violate applicable computer abuse, cyber security and data protection regulations. Therefore, the following activities are prohibited: - Modification or destruction of data - Service disruption or degradation, such as DoS - Disclosure of personal, proprietary or financial information - Disclosure of vulnerabilities before SOLARMAN publishes an official security bulletin

Attention

Although we encourage investigation of potential security breaches, we cannot tolerate any activity that may interfere with legitimate users or may violate applicable computer abuse, cyber security and data protection regulations. Therefore, the following activities are prohibited:

- Modification or destruction of data
- Service disruption or degradation, such as DoS
- Disclosure of personal, proprietary or financial information
- Disclosure of vulnerabilities before SOLARMAN publishes an official security bulletin

Response Time

We'll respond within 48 hours to the vulnerability you submit. If the vulnerability is confirmed internally, we will fix it within 90 days.

_{* Note: Actual vulnerability response time may vary depending on the risk level and complexity of the vulnerability.}