Tiandy Technologies CO.,LTD

Tiandy Technologies CO.,LTD

Tiandy Security Vulnerability Mitigation Plan and Vulnerability Disclosure

2026 06/18

 

Implementing Department: Tiandy Safety Emergency Response Center

I. Purpose of the Plan

Standardize the management of security vulnerabilities in the company's products , self-developed software and hardware, servers, and third-party components, and clarify the entire process of vulnerability discovery, handling, repair, and public disclosure to ensure stable system operation and user information security.

II. Scope of Application

This solution applies to Tiandy's official cameras, NVRs, servers, and other hardware products.

III. Vulnerability Classification and Handling Requirements

Safety risks are categorized into three levels: high-risk, medium-risk, and low-risk, with corresponding response timelines implemented accordingly.

High-risk vulnerabilities: Deploy temporary protection immediately, and complete remediation and security hardening within 3 days .

Medium-risk vulnerabilities: Vulnerability remediation will be completed within 7 business days.

Low-risk vulnerabilities: Included in the monthly security operations and maintenance plan, and handled within 30 working days.

IV. Basic Handling Procedures

Vulnerability reporting: Collect vulnerability information through internal inspections, security emails, user feedback, and external personnel feedback.

Verification and risk assessment: Verify the authenticity of the vulnerability, determine the risk level, and establish a handling log.

Protection and Repair: Implement temporary protection measures and complete repair work such as code rectification, version upgrade, and configuration optimization.

Retesting and investigation: After the repair, retesting and verification will be carried out to comprehensively investigate similar safety hazards and complete the overall reinforcement.

Archive and Public Disclosure: Organize and retain the handling records, and disclose the vulnerability information to the public in accordance with regulations.

V. Rules for Public Disclosure

High-risk and critical vulnerabilities will be addressed through separate official security bulletins.

All vulnerabilities are compiled and published on this page, with their status updated in real time.

The public notice only describes the risk level, scope of impact, and handling results, without disclosing details related to the exploitation of the vulnerability.

VI.Contact information

Center Leader: Fu Bangpeng

Emergency contact number: +8613820207369

Fixed contact number: +862258596145

 

Security vulnerability reporting email: security@tiandy.com

VII.Recent Security Vulnerability Announcements

As of the date of this announcement, no effective security vulnerabilities have been found.

Tiandy Safety Emergency Response Center