The GOODWE Product Network Security Processing Team (PNSPT) is dedicated to addressing security vulnerabilities in GOODWE products. These vulnerabilities, unlike quality defects, must be exploited by an attacker to cause harm. PNSPT commits to managing security issues according to relevant standards, reducing vulnerabilities, and providing timely risk mitigations to minimize harm to customers.

1. Vulnerability Management:

   - Reduce and eliminate security risks for customers.

   - Provide prompt risk mitigations after discovering vulnerabilities.

   - Identify and manage responsibilities, including legal, contractual, and public standards.

   - Continuously improve processes and standards based on industry best practices.

2. Reporting Vulnerabilities:

   - Encourages reporting from security researchers, organizations, customers, and suppliers.

   - Reports should include a description, product model, software version, and contact information via email to service@goodwe.com.

   - Maintain confidentiality until a solution is available.

3. Vulnerability Response:

   - After receiving the vulnerability report, we will analyze it and reply to the customer within 7 days.

   - Develop and prioritize remediation strategies, including patches and risk mitigations. When the vulnerability is confirmed, we will provide a fixing plan within 30 days. After the plan is confirmed, we will fix the vulnerability and verify it, and issue updates within 90 days.

   - Work with suppliers for vulnerability remediation when necessary.

4. Confidentiality and Data Protection:

   - Ensure information is shared only among relevant handlers.

   - Protect data and maintain confidentiality until solutions are provided.

   - Comply with legal requirements and protect obtained data.

5.Service Term Statement

The equipment manufacturer commit to providing ongoing updates and maintenance of software and security features for five years after product release, ending on September 30, 2029. After the security update support period is extended, it will be updated in time later; after the security update support period is released, it will not be shortened later.