Beny Network Security Vulnerability Management

At Beny:

 we prioritize and uphold responsible disclosure and handling of vulnerabilities, while deeply valuing the contributions of all security researchers. If you come across any vulnerability, we encourage you to promptly report it to Beny@zjbeny.com. Rest assured, our team will diligently follow up on your report and provide timely feedback. To safeguard the security of our users and businesses, we kindly request that you refrain from disclosing or sharing the vulnerability until it has been effectively addressed and resolved.

Handling Process:

  1. Network security issues discovered during product operation will be directly reported to Benyvia email to Beny@zjbeny.com.
  2. Upon receiving the issue, Benywill promptly organize the R&D team to conduct problem analysis and provide a problem analysis report and solution within 72 hours.
  3. Throughout the resolution of the network security incident, Benywill provide weekly progress updates to relevant personnel and have the responsible persons of all relevant teams review the “Incident Review Report” to signify the completion of the incident handling work.
  4. After the new software has been tested by the Software Testing Department without any issues, a testing report will be provided. Based on the testing report, the R&D Department will decide whether an upgrade is required. If an upgrade is needed, the R&D team will provide a version upgrade plan recommendation to the customer service team. After obtaining approval from the customer service team, both teams will jointly complete the software upgrade for operational terminals and production hardware.
  5. Upon completion of the upgrade, the R&D team will lead a comprehensive review of the incident and produce an “Incident Review Report” (including tracing the cause of the problem, handling measures, and follow-up improvement measures).
  6. Throughout the resolution of the network security incident, the R&D team will provide daily progress updates to relevant personnel, and the responsible persons of all relevant teams will review the “Incident Review Report” to signify the completion of the incident handling.
  7. Initial response times are defined based on the published vulnerability disclosure policy. Typically, a fix or warning will be released within 90 days of receiving the vulnerability report. Once a fix has been released, the warning will be retracted.

Response and Handling Times

Service LevelLevel NameLevel DefinitionService Level AgreementEmergency Response TimeSystem Recovery Time
L0Core ServicesAny exceptions will affect all primary business operations20m7d30d

L1

Critical Services

Exceptions will impact some branch business operations

20m

10d

30d

L2

General Services

Exceptions will not affect major business processes

20m

15d

60d

L3

Additional Services

Exceptions are imperceptible to users

20m

30d

90d

      
      
      
      
      

Note: The response and handling times mentioned above are defined for each service level. The “Emergency Response Time” refers to the time within which a response will be initiated to address an issue, while the “System Recovery Time” refers to the time it will take to fully recover the system and restore normal operations after an incident.

Talk to Specialists Register