Durabook Product Security Advisory

Durabook is committed to customer and data safety as well as the security of our products. We encourage developers and members of the public to report any potential or confirmed security vulnerabilities found on a Durabook product to the Durabook Security Team. We will follow established processes to address them and provide timely feedback.

 

Duration of Security Support and Update

Durabook provides product security support and updates to the following products for 5 years from the date of launch, with extended support provided upon request and availability:

  • U11I Rugged Tablet (12th Gen CPU): launched on July 2023
  • R8 Rugged Tablet (12th Gen CPU): launched on September 2022
  • R11L Rugged Tablet (12th Gen CPU): launched on October 2022
  • R11 Rugged Tablet (12th Gen CPU): launched on July 2022

 

For Durabook products equipped with Microsoft Windows Operating Systems, security support and updates will be provided by Microsoft through regular automatic Windows Update feature throughout the operating system’s product lifecycle.

 

Report Vulnerabilities to Durabook

We strongly encourage organizations and individuals to contact Durabook security team to report any potential security issue.

Contact Details
Email address* security@durabook.com
Template Potential vulnerability report template

* Durabook will endeavor to respond to the report within five working days.

Durabook will need to obtain detailed information about the reported vulnerability to more accurately and quickly begin the verification process. We strongly recommend submitting a vulnerability report according to the template we provide above. Please submit your report by sending it to security@durabook.com.

 

Responsible Reporting Guidelines

  1. All parties to a vulnerability disclosure should comply with the laws of their country or region.
  2. Vulnerability reports should be based on the latest released firmware, and preferably written in English.
  3. Report vulnerabilities through the dedicated communication channel. Durabook may receive reports from other channels but does not guarantee that the report will be acknowledged.
  4. Adhere to data protection principles at all times and do not violate the privacy and data security of Durabook’s users, employees, agents, services or systems during the vulnerability discovery process.
  5. Maintain communication and cooperation during the disclosure process and avoid disclosing information about the vulnerability prior to the negotiated disclosure date.
  6. Durabook is not currently operating a vulnerability bounty program.

 

How Durabook Deals with Vulnerabilities

Durabook encourages customers, vendors, independent researchers, security organizations, etc. to proactively report any potential vulnerabilities to the security team. At the same time, Durabook will proactively obtain information about vulnerabilities in Durabook products from the community, vulnerability repositories and various security websites. In order to be aware of vulnerabilities as soon as they are discovered.

Durabook will respond to vulnerability reports as soon as possible, usually within five business days.

Durabook Security will work with the product team to perform a preliminary analysis and validation of the report to determine the validity, severity and impact of the vulnerability. We may contact you if we need more information about the reported vulnerability.

Once the vulnerability has been identified, we will develop and implement a remediation plan to provide a solution for all affected customers.

Remediation typically takes up to 90 days and in some cases may take longer.

You can keep up to date with our progress and the completion of any remediation activities.

Durabook will issue a security advisory when one or more of the following conditions are met:

  1. The severity of the vulnerability is rated CRITICAL by the Durabook Security Team and Durabook has completed the vulnerability response process and sufficient mitigation solutions are available to assist customers in eliminating all security risks.
  2. If the vulnerability has been actively exploited and is likely to increase the security risk to Durabook customers, or if the vulnerability is likely to increase public concern about the security of Durabook products, Durabook will expedite the release of a security bulletin about the vulnerability, which may or may not include a full firmware patch or emergency fix.

Click to submit a security-related inquiry regarding one of our products to Durabook Technical Support or send it to security@durabook.com.

Product Security Updates

To protect users, Durabook does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, vulnerabilities shall be announced on Durabook’s official website.

   Security Advisory    Status    Last Updated