Product Security Billion Electric Co., Ltd. (hereinafter referred to as "the Company") strives to maintain and improve security throughout the entire product lifecycle in order to provide customers with safe and reliable IoT products. This page publishes various policies and information regarding the security of our products. The Company has confirmed compliance with the security requirements set by the Information-technology Promotion Agency, Japan (IPA) through obtaining JC-STAR (IoT Product Security Conformity Assessment System) certification. Vulnerability Disclosure Policy This policy defines the contact point for receiving information on security vulnerabilities in our products, the response procedures, and legal exemption for reporters. View Details Security Advisories This policy publishes known vulnerabilities in our products and the status of countermeasures. View Details Product End-of-Life Policy This policy defines the security support period for our products, the response policy after the period ends, and the prior notification of the end of support. View Details Guidelines for Secure Installation and Operation To maximize the security of our products, we recommend installation and operation in accordance with the following guidelines. 1. Network Isolation Our IoT products should not be directly connected to the internet, but should be operated on an independent private network or VLAN. 1. External Connections: If external connections are required, please use a firewall, VPN, etc. 2. Access Control: Restrict access to the product's management and settings screens to the minimum necessary administrators. Change the initial password immediately after installation and use a password of recommended strength. 3. Firmware Updates: Apply firmware updates provided by our company as soon as possible after release. We especially recommend prioritizing updates that include security fixes. 4. Physical Security: Ensure the product is installed in an environment where physical access by unauthorized persons is restricted (e.g., a locked equipment room, restricted access area). 5. Log Monitoring: Regularly check the logs output by the product and monitor for any signs of abnormal communication or operation. If long-term storage is required, consider transferring the logs to an external log management system. Security Inquiries: For information regarding vulnerabilities in our products, please contact the dedicated contact point below via email. For detailed procedures, please refer to the Vulnerability Disclosure Policy. Email contact: psirt@billion.com Billion Electric Co., Ltd. 3-447-8 Shinmaruko Higashi, Nakahara-ku, Kawasaki City, Kanagawa Prefecture 211-0004, Japan estaVIVO Musashi Kosugi