APsystems Vulnerability Disclosure Policy

APsystems specializes in the R&D and industrialization of module-level power electronics (MLPE) technology. Our vision is to become a provider of highly efficient, safe, and clean energy conversion solutions.

This Vulnerability Disclosure Policy applies to any vulnerabilities you consider reporting to APsystems. We recommend that you read this Vulnerability Disclosure Policy fully before you report a vulnerability and always act in compliance with it.

APsystems hereby undertakes to:

  • Take appropriate measures to remediate and mitigate vulnerabilities in products and services to reduce or eliminate impact on customers and users
  • Promptly provide risk mitigation measures to customers and users upon discovery and confirmation of vulnerabilities
  • Strictly ensure the vulnerability information is transferred only between relevant handlers during the vulnerability handling process
  • Actively identify vulnerability management responsibilities and requirements and build a proactive vulnerability management system
  • Take necessary and reasonable measures to protect data in accordance with legal compliance requirements
  • Never share or disclose data to others unless otherwise required by law or by the affected customer

We welcome vulnerability reports from researchers, industry organizations, partners, users, customers, and any other source. Please email your report to info.emea@APsystems.com if you suspect that you have found a security vulnerability. After you have submitted your report, we will respond to your report within 5 working days and aim to triage your report within 20 working days (the resolution time varies depending on the severity of the issue).

In your report, please include:

  • Details about the vulnerability:
    • Where the vulnerability can be observed, for example, a website, IP address, product, etc.
    • A title of the vulnerability
    • A description of the vulnerability, including a summary, supporting documents, and mitigation measures or recommendations
    • Potential impact of exploitation
    • Steps needed to reproduce the vulnerability
    • Other information (if any)
  • Your contact information:
    • Name
    • Email address

Do not:

  • Violate any applicable laws or regulations
  • Disrupt services or systems of APsystems
  • Alter data in the systems or services of APsystems
  • Use invasive or destructive scanning tools to find vulnerabilities
  • Access unnecessary, excessive, or significant amounts of data
download PDF