At DAOMI, product security is an integral part of our product design, développement, and lifecycle management. We are committed to providing secure, reliable products and transparent security support throughout each product’s lifecycle.
This Security Support Lifecycle outlines how DAOMI manages security from product release to end-of-support.
1. Product Development & Security Design
Security is embedded from the earliest stages of product development:
-
Secure architecture and threat modeling during product design
-
Code reviews and internal security testing
-
Use of industry-recognized security best practices
-
Protection of user data, privacy, and system integrity
2. Active Security Support Period
During the Active Security Support phase, DAOMI provides:
-
Regular security monitoring and vulnerability assessment
-
Timely evaluation of reported security issues
-
Security patches, firmware updates, or mitigation guidance when required
-
Security advisories for confirmed and impactful vulnerabilities
Products in this phase are eligible for full security response and remediation.
3. Vulnerability Handling & Response
DAOMI follows a responsible vulnerability response process:
Receipt of vulnerability reports is confirmed within five business days.
The DAOMI security team verifies and assesses the severity of the vulnerability, classifying it into four levels: Critical, High, Medium, and Low. Remediation plans are released according to the following timelines:
- Critical Vulnerabilities: Within 35 days
- High Vulnerabilities: Within 35 days
- Medium Vulnerabilities: Within 45 days
- Low Vulnerabilities: Within 60 days
4. Maintenance Security Support
After the initial active period, products may enter a Maintenance Security Support phase:
-
Critical or high-severity vulnerabilities may still be addressed
-
Fixes may be limited to mitigation measures rather than full feature updates
-
Security advisories may still be issued when customer risk is significant
The scope of support may vary depending on product architecture and deployment impact.
5. End of Security Support (EoSS)
When a product reaches End of Security Support:
-
DAOMI no longer provides security patches or updates
-
New vulnerabilities may not be evaluated or remediated
-
Security advisories are generally no longer published
Customers are strongly advised to upgrade to supported products to maintain an appropriate security posture.
6. Security Lifecycle Transparency
To help customers plan effectively, DAOMI aims to:
-
Clearly communicate security support timelines
-
Publish security advisories when warranted
-
Encourage proactive risk management and product upgrades
7. Reporting Security Issues
If you discover a potential security vulnerability in a DAOMI product, please report it to:
E-mail: support@dao-mi.com
Report Template: Potential Vulnerability Report Template
Response Time: DAOMI will make reasonable efforts to respond within five (5) business days
Encrypted communication using PGP/GPG is supported.
