Product Security Vulnerabilities

介绍

Product security is an ongoing challenge, the work is never done. At Dialog Semiconductor we recognize that a key element is to have an effective process to receive, investigate and fix vulnerabilities identified by others.

该对话框产品安全事件响应团队（PSIRT）管理所有潜在产品安全问题，硬件和软件的过程，以得到适当的紧急情况和解决。对于每个问题，请注意通过过程的每个阶段来封闭来通信。

如何报告疑似产品漏洞

If you become aware of a vulnerability, and have reasonable concern that this could impact any Dialog product, then please send an email toPSIRT@diasemi.com详细说明您的疑虑。为了实现快速有效的响应，请确保所有电子邮件遵循以下指南：

所有电子邮件都用英文写作
描述of the potential vulnerability
参考您认为受此漏洞影响的任何特定最终产品
引用任何官方来源，例如国家漏洞数据库
Reference to any specific Dialog product, IC and/or Software Development Kit (SDK)
接触details: name, role & organization

Please understand that thePSIRT@diasemi.comemail address is for the reporting of potential security vulnerability issues only, it is not for general questions related to product security. If we receive emails that are not related to a potential vulnerability we will reply or re-direct your email accordingly.

关于对话框的PSIRT

对话器Psirt是对所有人有关潜在产品安全问题的所有人的联系人。PSIRT将确保所有报告都迅速指向适当的产品团队，并遵循正式的事件流程。PSIRT指导所有问题到关闭，并将记者告知该过程中每个阶段的进展和前景。

The Dialog Security Incident Process

对话框过程符合标准行业实践，可分为5个不同的阶段：

录取➡︎Triage➡︎Analysis➡︎修复➡︎Lessons learned

为了确保普通理解，PSIRT将为所有有效事件的报告者提供进程的每个阶段的进一步解释。

事件概述

Below is a list of confirmed vulnerability incidents with a link to the report and product mitigations.

Incident id	描述	日期
LPC＃4	Non-compliance to hotIncrement in Bluetooth specification	02 July 2020