Billion Product Security Advisory

| Public Date | Ticket number | Title |
| --- | --- | --- |
| 2024-11-29 | AC2024000139 | Missing Authentication |
| 2024-11-29 | AC2024000143-1 | Authentication Bypass |
| 2024-11-29 | AC2024000143-2 | Plaintext Storage of a Password |
| 2024-11-29 | AC2024000143-3 | OS Command Injection |

Billion’s cybersecurity team is dedicated to ensuring the security and stability of our products and systems. We have always gone to great lengths to protect the privacy of our customers.

We welcome customers to report any security or privacy issues related to our products. You can refer to our vulnerability disclosure policy to understand Billion’s guidelines for handling vulnerability reports:

How to report a security vulnerability to Billion?

We welcome any organizations, companies, or individuals to report any potential security issues related to our products to Billion's cybersecurity team.

Please send us a report form at the email address below, and encrypt your message using our PGP public key. We will respond to your case within one week.

Email Address for Reporting: support@billion.com

Download Vulnerability Report Form: Billion Security Advisory table.xlsx

Download PGP Public Key: Public PGP Key.zip

Responsible Reporting Guidelines:

Billion sincerely appreciates users reporting vulnerabilities to enhance the security of our products and services. However, please adhere to the following guidelines during the investigation or vulnerability reporting process:

1. Inappropriate Times to Use the Vulnerability Reporting System:

 a) Seeking technical support (e.g., configuration, firmware updates, or hardware repair services).

 b) Reporting vulnerabilities that have already been publicly disclosed in the security advisory list. Please avoid duplicate reports.

 c) Seeking technical assistance for installing software released in response to security vulnerabilities.

 d) Reporting vulnerabilities in products from other vendors or requesting detailed information about vulnerabilities in other vendors’ products.

 e) Consulting on any topics unrelated to information security.

2. Regarding the information you report, it is essential to maintain confidentiality. Please refrain from disclosing any details about the vulnerability to any third-party entities before the agreed-upon disclosure date. Billion is committed to strictly protecting the privacy and security of the reporter. Both the reporter and Billion should adhere to the laws of their respective countries or regions.

3. Ensure that during the process of discovering vulnerabilities, you do not infringe upon the privacy and data security of Billion's users, employees, agents, or systems.

4. Regarding vulnerability reports, Billion currently does not offer any reward programs to reporters.

5. Unauthorized access or modification of any software or hardware related to Billion's products is strictly prohibited.

6. Vulnerabilities must be discovered in the latest released firmware.

7. When reporting, it is preferable to use English.

How do we process the vulnerabilities?

1. Billion's cybersecurity team will carefully analyze and investigate the reported information to determine the validity, severity, and impact of the vulnerability. According to our standard operating procedures (SOP), we typically confirm receipt of the report within 3 business days and initiate a detailed investigation within 7 business days to verify the vulnerability reported by the reporter.

2. Once a vulnerability is verified and confirmed, if necessary, Billion will release a solution within 90 days after receiving the vulnerability report email. However, depending on the complexity of the issue, we may require additional time to complete the process. If we need further information about the reported vulnerability, we may attempt to contact the reporter.

3. During the handling process, Billion will safeguard your privacy and will not disclose or request any information that could reveal your identity, occupation, machine or system configuration, or email.

4. Once we confirm that the reported issue can be resolved, we will provide an appropriate solution for all affected customers and prioritize addressing the problem. Whenever feasible, we aim to deliver solutions promptly. Therefore, we recommend that customers visit this page regularly to ensure they receive the latest update information.

Recent Security Updates:

(Billion Security Advisories are provided in an “as-is” state and do not imply any type of warranty or guarantee. The risk associated with using the information in these publications or linked materials is solely yours. Billion reserves the right to change or update this content at any time without further notice.)


Billion Electric Co., Ltd.

Monday to Friday 09:00AM - 18:00PM

LOCATION

8F, No.192, Sec. 2, Zhongxing Rd., Xindian Dist., New Taipei City 23146, Taiwan
