ORing Security Policy

1. Product Safety Information

ORing Industrial Networking is committed to delivering safe and reliable industrial networking products, prioritizing compliance with regulatory requirements. Our products not only adhere to current international safety standards and regulations but are also continually monitored to align with evolving regulatory frameworks, ensuring compliance in an ever-changing security environment.

Regulatory Compliance and Certifications

Our company and products have been tested and certified for compliance with the following regulations and standards:

ISO/IEC 27001: The International Information Security Management System Standard ensures that our company meets the highest security standards for protecting and managing information assets. It effectively addresses modern threats and demonstrates exceptional information security capabilities and trustworthiness.

IEC 62443-4-1: This standard governs the secure development of Industrial Automation and Control System (IACS) components, covering the entire product lifecycle from design and development to testing and deployment. It emphasizes defining security requirements, integrating secure designs, testing and validation, and managing vulnerabilities, ensuring the highest security standards during the development phase.

IEC 62443-4-2: This standard outlines the technical security requirements for IACS components, addressing areas such as authentication, encryption, and integrity protection to ensure comprehensive security for industrial control systems.

Taiwan IoT Cybersecurity Certification: Issued by the Taiwan Association of Information and Communication Standards (TAICS), this certification validates the cybersecurity capabilities of IoT devices, ensuring their security in industrial IoT applications.

FirstNet Certification: Certification for the U.S. public safety communication platform ensures that devices provide stable and reliable communication services during emergencies. It supports public safety personnel and emergency response teams by maintaining connectivity and operational continuity.

Secure Development and Design

At ORing Industrial Networking, we adhere to the highest standards of secure development and design, implementing comprehensive cybersecurity principles from concept to deployment:

(1) Secure Development Process:

  • We rigorously follow the IEC 62443-4-1 standard to ensure that every stage of product design and development meets stringent security requirements.
  • Continuous threat modeling and vulnerability scanning are conducted to identify and mitigate potential risks in advance.

(2) Secure Design Principles:

  • Our products incorporate robust multi-layered security mechanisms at both the hardware and software levels to maximize protection.
  • Flexible design ensures that our products can rapidly adapt to emerging regulatory and technological requirements.

(3) Continuous Improvement:

  • Product security is continuously enhanced through user feedback and the latest advancements in security research.
  • A professional cybersecurity team focuses on maintaining security and ensuring compliance updates throughout the product lifecycle.

Our Future

Security is our long-term commitment to our customers. We will continue to innovate to address emerging security challenges, delivering cutting-edge cybersecurity solutions. Through rigorous development and design, we are dedicated to safeguarding the future of industrial digitalization.

2. Vulnerability Disclosure and Contact Policy

At ORing Industrial Networking, we prioritize the security of our customers' products and encourage security researchers and users to report discovered vulnerabilities. Our vulnerability management process includes the following steps:

(1) Reporting Vulnerabilities

  • Please send vulnerability details to our dedicated contact email: [email protected]
  • The report must include a description of the vulnerability, its scope of impact, and reproduction steps (if applicable).

(2) Response Process:

  • Acknowledgment: We will acknowledge receipt of the vulnerability report within 5 - 7 business days.
  • Analysis: Our expert team will evaluate the vulnerability's impact and may contact the reporter for additional details if necessary.
  • Remediation: A remediation plan will be developed based on the severity of the vulnerability, and a public announcement will be made upon completion of the fix.

(3) Confidentiality and Transparency:

  • The reporter's information will remain confidential.
  • With the reporter’s consent, we will express gratitude in the public vulnerability announcement.

Open-Source Software Compliance Management:

To meet cybersecurity regulatory requirements, we have established a comprehensive open-source software management system to ensure the security and compliance of all open-source software used:

  • SBOM (Software Bill of Materials): We create a detailed SBOM for each product, documenting all software components used, including the names, versions, licenses, and related information for open-source software.
  • Vulnerability Tracking and Updates: We regularly review open-source software for known vulnerabilities and provide patches and updates when necessary.
  • Transparency and Compliance Declaration: If required, we can provide a summarized version of the SBOM and guarantee that our use of open-source software complies with international regulations and licensing agreements.

3. Security Updates and Vulnerability Announcements

ORing Industrial Networking is committed to providing security updates and addressing known vulnerabilities promptly. Our security update policy includes the following:

(1) Regular Updates: Routine security updates are provided to address known low-risk vulnerabilities and enhance performance.

(2) Emergency Fixes: For high-risk vulnerabilities, we release patches promptly and notify affected customers.

(3) Update Recommendations:

  • Customers are advised to back up system configurations before applying updates.
  • After updating, verify that the device is operating with the latest version.

4. Contact and Support

For more information on security or any product-related inquiries, please contact us:

We are committed to providing fast and professional service to ensure the optimal security and stability of our products.