
Vulnerability Disclosure Policy

 

Coordinated Vulnerability Disclosure (CVD) Policy

Introduction

At Silex, the safety and trust of our customers are our highest priorities. To maintain the integrity of our products, we have established a robust framework for identifying, managing, and resolving security vulnerabilities. This policy outlines our commitment to transparent communication, continuous security enhancement, and the prompt handling of security research.

Our dedicated Product Security Incident Response Team (PSIRT) oversees the end-to-end vulnerability lifecycle, from initial intake and internal investigation to the deployment of mitigations and public disclosure.

 

How to Report a Vulnerability

If you believe you have discovered a security vulnerability in a Silex product, we encourage you to contact our PSIRT team immediately.

To expedite our investigation, please include the following details in your report:

  • Vulnerability Details: A description of the issue, the potential attack scenario, and the observed behavior.
  • Product Information: Product name, model, and software/firmware version.
  • Technical Environment: Steps to reproduce the issue, including device configuration and operating environment.
  • Your Contact Information: Name, organization (optional), and preferred email for follow-up.

Any personal information provided will be handled strictly in accordance with the Silex Privacy Policy.

 

Investigation and Mitigation

Upon receipt of a report, our PSIRT team performs a comprehensive risk assessment to determine the scope and severity of the impact. We work directly with our engineering teams to develop effective patches, workarounds, or mitigation strategies. Throughout this process, Silex may reach out to the reporting party to clarify technical details or validate proposed fixes.

 

Information Disclosure & Advisories

Once a mitigation is verified, Silex will publish a formal Security Advisory on our website. These advisories typically include a summary of the vulnerability, a list of affected products, and clear instructions for remediation.

In the interest of coordinated disclosure, Silex strives to align the timing of these publications with the reporting party and relevant industry stakeholders to ensure customers have sufficient time to protect their systems.

Note: Official English-language security advisories are maintained by our global headquarters in Japan.

 

Our Request to Researchers

To protect the global community of Silex users, we respectfully ask that you maintain confidentiality regarding any reported vulnerabilities until Silex has officially released a mitigation and public advisory.

Disclaimer

Silex reserves the right to modify this policy at any time without prior notice. Silex shall not be held liable for any direct or indirect damages, including loss of data, opportunity, or system downtime, resulting from the use of information disclosed under this policy.

 
