we prioritize and uphold responsible disclosure and handling of vulnerabilities, while deeply valuing the contributions of all security researchers. If you come across any vulnerability, we encourage you to promptly report it to Beny@zjbeny.com. Rest assured, our team will diligently follow up on your report and provide timely feedback. To safeguard the security of our users and businesses, we kindly request that you refrain from disclosing or sharing the vulnerability until it has been effectively addressed and resolved.
- Network security issues discovered during product operation will be directly reported to Benyvia email to Beny@zjbeny.com.
- Upon receiving the issue, Benywill promptly organize the R&D team to conduct problem analysis and provide a problem analysis report and solution within 72 hours.
- Throughout the resolution of the network security incident, Benywill provide weekly progress updates to relevant personnel and have the responsible persons of all relevant teams review the “Incident Review Report” to signify the completion of the incident handling work.
- After the new software has been tested by the Software Testing Department without any issues, a testing report will be provided. Based on the testing report, the R&D Department will decide whether an upgrade is required. If an upgrade is needed, the R&D team will provide a version upgrade plan recommendation to the customer service team. After obtaining approval from the customer service team, both teams will jointly complete the software upgrade for operational terminals and production hardware.
- Upon completion of the upgrade, the R&D team will lead a comprehensive review of the incident and produce an “Incident Review Report” (including tracing the cause of the problem, handling measures, and follow-up improvement measures).
- Throughout the resolution of the network security incident, the R&D team will provide daily progress updates to relevant personnel, and the responsible persons of all relevant teams will review the “Incident Review Report” to signify the completion of the incident handling.
- Initial response times are defined based on the published vulnerability disclosure policy. Typically, a fix or warning will be released within 90 days of receiving the vulnerability report. Once a fix has been released, the warning will be retracted.
Response and Handling Times
|Service Level||Level Name||Level Definition||Service Level Agreement||Emergency Response Time||System Recovery Time|
|L0||Core Services||Any exceptions will affect all primary business operations||20m||7d||30d|
Exceptions will impact some branch business operations
Exceptions will not affect major business processes
Exceptions are imperceptible to users
Note: The response and handling times mentioned above are defined for each service level. The “Emergency Response Time” refers to the time within which a response will be initiated to address an issue, while the “System Recovery Time” refers to the time it will take to fully recover the system and restore normal operations after an incident.