Welcome to the SemiDrive Product Security Incident Response Management (PSIRM)
file!

The SemiDrive PSIRM Team manages all security vulnerability information related
to SemiDrive products. It is the official and recommended point of contact for
reporting security information related to SemiDrive products.

If you believe you have identified a potential security vulnerability in a SemiDrive
product, please contact us at: vulnerability@semidrive.com.

We recommend that all information sent to us be encrypted using our PGP/GPG key.

PGP/GPG Key
Fingerprint: D50B 9777 FE6B 484D 228B F4DF 0575 5617 9BAB DE67
The public key can be found in the same archive file.
You can use any encryption software that supports PGP/GPG Keys. However, we recommend
using the Firefox Thunderbird software.
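
For GnuPG users, one way to check the key file against the fingerprint above before encrypting a report. This is an added example, not SemiDrive tooling; the key file and report paths passed to `encrypt_report` are hypothetical, since this file does not name the key file.

```shell
#!/bin/sh
# Added example, not SemiDrive's own tooling.
# Fingerprint exactly as published in this file.
EXPECTED_FPR="D50B 9777 FE6B 484D 228B F4DF 0575 5617 9BAB DE67"

# Strip whitespace and upper-case a fingerprint so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print the primary key fingerprint:
# the first "fpr" record after the "pub" record (later "fpr" records belong to subkeys).
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Succeed only if the colon listing on stdin carries the expected primary fingerprint.
fpr_matches() {
    got=$(primary_fpr)
    [ -n "$got" ] && [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$EXPECTED_FPR")" ]
}

# Check the key file first, then import it and encrypt the report to it.
# $1 = key file from the archive, $2 = report file (both hypothetical paths).
encrypt_report() {
    key_file=$1
    report=$2
    if ! gpg --show-keys --with-colons "$key_file" | fpr_matches; then
        echo "fingerprint mismatch: refusing to use $key_file" >&2
        return 1
    fi
    gpg --import "$key_file" &&
    # The key was just checked against the published fingerprint, so the
    # web-of-trust prompt is skipped for this one command only.
    gpg --armor --encrypt --trust-model always \
        --recipient "$(normalize_fpr "$EXPECTED_FPR")" \
        --output "$report.asc" "$report"
}
```

The fingerprint comparison is only as trustworthy as the copy of this file it is taken from, so obtain the fingerprint over a channel separate from the key where possible.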

Handling Process

1. Reporting
When reporting, kindly provide us with the following information:
Contact: Details on how to contact you in case we need more information
Description: Technical details and potential impact of the vulnerability. Please
provide steps for exploiting the vulnerability.
Affected components: Information, as far as available, such as the chip model, firmware
version (PTG release number), and any further applicable information.

2. Verification/Analysis
Upon receiving the vulnerability report, the SemiDrive PSIRM team shall verify the vulnerability.
We shall acknowledge with a reply email within 3 working days.

SemiDrive PSIRM shall analyze the root cause of the vulnerability, assess possible risk and
assess possible remediations. This analysis is only shared on a case-by-case basis.

3. Mitigation
A remediation plan shall be drawn up, and a mitigation strategy shall be consolidated.

4. Disclosure
SemiDrive shall disclose the vulnerability to relevant parties. The definition of relevance
is subject to SemiDrive's decision. If you intend to receive the notifications from the same email address,
please kindly send a separate email with your public key information as an attachment.
