In today’s connected world, individuals and groups will continue their attempts to identify and exploit vulnerabilities to breach network security. Hanwha Techwin constantly conducts activities to prevent security vulnerabilities and strengthen security of our products through security diagnosis and penetration tests. A team in our Korean R&D center is dedicated to cybersecurity to ensure products meet our high standards and to investigate field concerns or newly discovered issues. Hanwha can then respond quickly with a unified message from our software team. We are also leading the security policy of our security solution products by thoroughly managing product passwords, protocols, and algorithms used.
Hanwha regularly conducts trainings and webinars on cybersecurity for end users and system integrators to share best practices. We provide a cybersecurity hardening guide, white paper and other tools that describes best practices in securing network products. Explore our resources to learn how Hanwha can help protect you and your customers against cyber threats and vulnerabilities.
Security Vulnerability Disclosure Policy
1. Security Vulnerability Response Center (S-CERT)
Hanwha Techwin’s S-CERT1 department is a team dedicated to address security vulnerabilities of Hanwha Techwin’s WISENET products and to respond promptly (analyze and prepare countermeasure) in the event of a security vulnerability.
Please contact S-CERT firstname.lastname@example.org with detailed product information, and instructions on how to reproduce the symptoms of the vulnerability when you find a product related security vulnerability.
- S-CERT does not respond to requests related to product support and features. Please contact your Hanwha Sales Representative for general product inquiries.
2. Security Vulnerability Response Process
Upon receipt of a security vulnerability report, a Security Breach Accident Countermeasures Council is convened immediately. The goal of the Council is to analyze the content and impact of the vulnerability, prepare the resolution for the issue, and post the patched firmware on the website as soon as possible.
3. Security Vulnerability Notice Policy
The vulnerability patched firmware is uploaded to the website together with the Vulnerability Report. The details of the vulnerability (vulnerability content, affected product information / firmware version, risk, countermeasures, etc.) are not disclosed until the patched firmware is released on the website for zero-day attack prevention. Details such as attach scenarios for vulnerabilities are not disclosed to prevent imitating attacks.
If multiple products are affected by the vulnerability, corresponding firmware patches will be released concurrently.
S-CERT: Security-Computer Emergency Response Team; website: HQ – Cyber Security page of the website (Technical Guide > Cyber Security)
HTA – Main page (with Vulnerability Report)
HTE – Main page and dedicated web page