Vulnerability Disclosure Policy

Protecting customers from cybersecurity and communications security threats is a core responsibility of DAOMI. We are committed to providing secure, reliable, and stable products and services, while strictly protecting user data, communications privacy, and system integrity.

DAOMI highly values security research and responsible vulnerability disclosure. We welcome and encourage responsible reporting on issues related to product security, system vulnerabilities, or user privacy protection. All reports will be processed according to our established procedures, and timely confirmation and feedback will be provided.

Reporting Security Vulnerabilities

DAOMI strongly encourages organizations, partners, and independent security researchers to contact the DAOMI Security Team to report any potential security issues affecting DAOMI products or services.

Contact Information

• 電子メール: support@dao-mi.com

• Report Template: Potential Vulnerability Report Template

• Response Time: DAOMI will make reasonable efforts to respond within five (5) business days

To help us verify and address reported vulnerabilities more accurately and efficiently, we strongly recommend submitting reports using the official template and providing sufficient technical details, reproduction steps, and impact analysis.

Remediation

Once a vulnerability is confirmed, DAOMI will develop and implement an appropriate remediation plan and provide mitigation or resolution solutions for affected customers. Remediation efforts are generally completed within 60 days, although complex cases may require additional time.

Responsible Disclosure Guidelines

1. All parties involved in vulnerability disclosure must comply with applicable local laws and regulations.

2. Vulnerability reports should be based on the latest officially released firmware or software versions and should preferably be submitted in English.

3. Vulnerabilities should be reported through DAOMI’s designated security communication channels. Reports submitted through other channels may not be acknowledged.

4. During vulnerability discovery and validation, reporters must comply with data protection principles and must not violate the privacy or data security of DAOMI users, employees, partners, services, or systems.

5. Please maintain responsible communication and coordination during the disclosure process and refrain from public disclosure prior to an agreed disclosure date.

6. At present, DAOMI does not operate a vulnerability bounty program.

How DAOMI Handles Vulnerabilities

Awareness & Intake

DAOMI encourages customers, suppliers, independent researchers, and security organizations to proactively report potential vulnerabilities. In parallel, DAOMI actively monitors security communities, vulnerability databases, and public security channels to identify issues related to DAOMI products as early as possible.

Confirmation & Assessment

DAOMI will acknowledge vulnerability reports as soon as practicable, typically within five (5) business days. The DAOMI Security Team will work closely with R&D and product teams to analyze and validate the report, assessing its severity, impact, and exploitability.
If additional information is required, we may contact the reporter for further clarification.

Remediation

Once a vulnerability is confirmed, DAOMI will develop and implement an appropriate remediation plan and provide mitigation or resolution solutions for affected customers.
Remediation efforts are generally completed within 60 days, although complex cases may require additional time.

Notification & Advisory

DAOMI will evaluate progress regularly and communicate relevant updates during the remediation process when appropriate.

DAOMI will issue a security advisory when one or more of the following conditions are met:

1. The vulnerability has been assessed as critical or high severity, the response process has been completed, and sufficient mitigation measures are available to eliminate security risks.

2. The vulnerability is being actively exploited, may significantly increase security risks to DAOMI customers, or may raise public concern regarding the security of DAOMI products.
   In such cases, DAOMI may accelerate the release of a security advisory, which may or may not include a complete firmware patch or emergency fix at the time of publication.

Contact Technical Support

For inquiries related to DAOMI product security, please contact DAOMI Technical Support through our official support channels.