Security Advisory

vivo hopes security researchers, industry organizations, government agencies or vendors can proactively contact us to report potential security vulnerabilities related to vivo products. Vulnerability reporters can submit potential vulnerabilities by email (security@vivo.com). As the vulnerability information is extremely sensitive, we strongly recommend you to use our public PGP key (fingerprint: CE48C83712B84EE88E57A678884C95C622AE7FFE) to encrypt the information when you report a potential security vulnerability to vivo.

To better help us identify potential vulnerability information, please include but not limited to the following information in the email:

1. Organization and contact name

2. Products or solutions and versions affected

3. Description of the potential vulnerability

4. Proof information of potential vulnerability (such as proof of concept, exploits, network packet capture, steps to reproduce the issue, etc)

5. Information about known exploits, if any

6. Disclosure plans, if any

Vulnerability Response Process

For the protection of our customers, vivo doesn't disclose security issues until our investigation is complete and any necessary updates are generally available. vivo uses security advisories to publish information about security fixes in our products and to publicly thank the people or organizations that have reported security issues to us.