Vulnerability Response Process
The time for completing a vulnerability response process depends on the scope of the vulnerability.
If you report a vulnerability to ZTE, we assume that you agree to keep the information confidential before ZTE discloses the information. Likewise, ZTE is committed to keeping the sensitive information secret for customers before repairing and disclosing the vulnerability.
ZTE scores and rates vulnerabilities on the basis of relevant scoring criteria. Reporters can also score/rate vulnerabilities for ZTE’s information.
ZTE uses Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) to quote public vulnerabilities outside ZTE’s official website.
ZTE reserves the rights for releasing vulnerability reports.