Vulnerability Response Mechanism

Ensuring user security is our core mission. We sincerely invite security researchers to report potential vulnerabilities to help improve the security of Rokid products.

Vulnerability Handling Process

1. Report Reception：Monitor and process vulnerability reports in real time.
2. Vulnerability Verification：Conduct technical analysis to assess the severity of reported vulnerabilities.
3. Remediation Plan：Develop targeted fixes or temporary mitigation measures.
4. Impact Assessment：Conduct a comprehensive investigation to determine affected products.
5. Security Advisory：Publish an official security advisory after review.

How to Submit a Vulnerability

Please send security vulnerability reports to: security@rokid.com

Reports should include:

• Affected product and version details
• Detailed technical description of the vulnerability
• Known exploitation methods (if any)
• Your intended disclosure timeline

Important Guidelines

We encourage responsible vulnerability research but strictly prohibit:

• Any form of data destruction
• Disruptive activities such as DoS attacks
• Disclosure of user privacy or sensitive data

Response Commitment

We guarantee:

• Acknowledgement of receipt within 48 hours
• Prioritized handling based on severity (Complex vulnerabilities may require extended analysis time)

Disclosure Policy

For unconfirmed vulnerabilities, we will maintain communication via email.

Do not disclose vulnerability details before Rokid issues an official advisory.

After fixes are released, we will:

1. Push security updates
2. Document security patches in release notes (Check Rokid Official Download Center for details)

3. Rokid will regularly release security vulnerability information about its products on this list.

Product Support Policy

We provide for all products:

• ✓ Regular security updates
• ✓ Emergency patches for critical vulnerabilities
• ✓ Ongoing security enhancements

Notes:

• Security support is maintained throughout the product lifecycle
• Support policies may vary by product line
• This page will be updated with the latest security status

Users are advised to check periodically for security updates.