How We Respond to Product Incidents
Reporter Feedback:
When a vulnerability report is submitted, we generate a tracking number and provide it to the reporter for their reference, ensuring transparency and traceability.
Incident Assessment:
Our dedicated Product Security Incident Management Team conducts an initial assessment of all incident reports within a defined timeframe to prioritize and categorize incidents based on severity and potential impact.
Risk Containment:
We implement immediate safety measures, which may include temporary fixes, product recalls, or other actions necessary to safeguard stakeholders, in accordance with risk assessment protocols.
Clear Communication:
We maintain open, proactive communication channels with customers, partners, and regulatory authorities, providing timely updates on incident status and actions taken. In addition, all response activities and decision are documented through the course of the response in and incident log.
Root Cause Analysis
In-depth Investigation:
Our technical experts use advanced diagnostic tools and methodologies to conduct a thorough investigation aimed at identifying the root cause of the issue.
Data-Driven Methods:
We apply systematic root cause analysis techniques to ensure a comprehensive understanding of the issue.
Collaboration:
We engage in collaborative efforts with automotive OEMs, third-party experts, and relevant stakeholders to ensure a holistic evaluation of the incident and its implications.
Resolution and Prevention
Timely Remediation:
We prioritize the design, implementation, and validation of effective solutions to address identified issues promptly, minimizing disruption and risk to stakeholders.
Preventive Measures:
We conduct a thorough review of internal processes and implement design improvements based on lessons learned to prevent recurrence of similar incidents in the future.
Recall Management:
For affected products, we adhere to a structured recall process that prioritizes customer safety and satisfaction.
Information Sharing:
Being a member of Automotive Information Sharing and Analysis Community (Auto-ISAC), we commit to sharing relevant vulnerability information with the Automotive Community, ensuring that such disclosures are made in full alignment with all affected customers and in compliance with applicable regulations.