In principle, we will respond to received vulnerability information according to the steps below.
4-1. Acknowledgement of Receipt
After receiving a report, we will review the details and, as necessary, contact the reporter to acknowledge receipt.
4-2. Review and Request for Additional Information
We will review the report, and if necessary, may request that the reporter provide additional information.
4-3. Impact Investigation and Reproduction Verification
We will confirm whether the affected product/service is impacted, whether the issue is reproducible, and whether a response is required.
4-4. Determination of Response Policy
As necessary, we will consider countermeasures such as workarounds, configuration changes, operational precautions, software fixes, firmware updates, or other measures.
4-5. Coordination with Stakeholders
As necessary, we will coordinate with relevant users, maintenance companies, contractors, device vendors, and other related parties.
4-6. Notification After Completion of Response
As necessary, we will inform the relevant users or stakeholders of the response details, workarounds, update methods, and other required information.