Chinabest attaches great importance to security issues and welcomes security researchers to report potential vulnerabilities to help enhance the security of our products and services.
We continuously monitor our vulnerability intake channels and promptly review and assign received vulnerabilities.
Security engineers will technically verify the validity of the vulnerability, assess its exploitability, and evaluate its potential impact.
Security engineers will develop a fix or mitigation plan and validate its effectiveness.
We will further investigate to identify all potentially affected products and define the impacted scope.
Once the vulnerability response process is completed, we will review and publish a security advisory.
You can submit vulnerabilities via the Chinabest email. Details are as follows:
trade@chinabest.com.cn
The email should include at least the following:
– Your organization details and contact information
– Affected product(s) and version(s)
– Description of the vulnerability
– Exploitation method
– Disclosure plan
– Any other relevant information (if available)
While we encourage investigation and research into potential vulnerabilities, we do not tolerate any activity that interferes with legitimate user rights or violates laws related to computer misuse, cybersecurity, and privacy protection.
– Modifying or destroying data
– Activities that cause service interruption or degradation, such as denial-of-service attacks
– Disclosing personal, intellectual property, or financial data
After receiving your submitted vulnerability, we will respond within 48 hours according to the submission platform:
For submissions via email: We will respond via email with confirmation and feedback. The fix progress will also be updated via email or the platform as appropriate.
*Note: Actual response time may vary depending on the risk level and complexity of the vulnerability.
Chinabest discloses product security vulnerabilities in two ways:
– Security Advisory: When a vulnerability is confirmed, we disclose details and fixes within 180 days via a Security Advisory.
– Security Notice: When a potential vulnerability is externally discovered but not fully confirmed, we publish a Security Notice with basic information and investigation progress.
Please keep vulnerability details confidential until Chinabest officially discloses them.
If any disputes arise during the reporting or disclosure process, we will handle them according to conflict resolution principles.
*Note: Actual disclosure timing may be adjusted depending on the discloser’s plan, release timing of fixes, potential side effects, or other vendors’ disclosure plans.