Security

Security Strategy

Dongguan Edifier Esports Technology Co.,Ltd places great importance on the security of its products and business systems, recognizing the valuable assistance of security researchers and the community in enhancing Dongguan Edifier Esports Technology Co.,Ltd's security levels. We commit to assigning dedicated personnel to follow up, analyze, and address every issue reported by researchers promptly and provide timely responses.

Dongguan Edifier Esports Technology Co.,Ltd adheres to and supports responsible vulnerability reporting processes, respecting the research efforts of every white-hat researcher. We sincerely welcome all white-hat researchers to report vulnerabilities to Dongguan Edifier Esports Technology Co.,Ltd, and we will express gratitude and provide feedback based on the quality of the vulnerability.

Dongguan Edifier Esports Technology Co.,Ltd prioritizes user interests and endeavors to protect the interests of Dongguan Edifier Esports Technology Co.,Ltd users to the greatest extent possible.

Public Feedback Interface

If you encounter any issues while using Dongguan Edifier Esports Technology Co.,Ltd's products, please reach out to us via email at support@hecategaming.com

Our dedicated team will promptly communicate with you via email. Upon receiving the vulnerability report, we commit to acknowledging it within 7 days. Subsequently, we will maintain regular contact with the reporter, providing progress updates at least every 30 days until the vulnerability is resolved. 

When submitting a security report, please include the following information in your email:

1. Please provide detailed information regarding the vulnerability. Additionally, if you can include its exploitability and potential impact, it would be more helpful for us.
2. Outline the step-by-step process to reproduce the vulnerability.
3. Furnish comprehensive details about the testing environment, including:

• The URL/APP affected by the vulnerability, along with any relevant code snippets. For devices, please specify the model.
• Preserve the data from your testing and submit it as an attachment to your report.

Note: Failure to provide this information may impede our assessment of the vulnerability.

Dongguan Edifier Esports Technology Co.,Ltd is committed to collaborating with you and will make every effort to understand and resolve the vulnerability expeditiously.

The scope of valid vulnerability reports includes:

• Domain: hecategaming.com
• Devices: All products within the Dongguan Edifier Esports Technology Co.,Ltdsecurity maintenance period.

Note: Vulnerabilities for products that are no longer sold or officially unsupported will not be accepted. Vulnerabilities related to suppliers or partners of Dongguan Edifier Esports Technology Co.,Ltd will also not be accepted.

Dongguan Edifier Esports Technology Co.,Ltd opposes and condemns the following behaviors and reserves the right to pursue legal action:

1. Acts that exploit vulnerabilities under the guise of testing to cause harm and damage user interests, including but not limited to stealing user data, privacy, and virtual assets.
2. Attacking Dongguan Edifier Esports Technology Co.,Ltd's systems using vulnerabilities, causing system crashes or failures.
3. Threatening, extorting, or maliciously exaggerating the impact of vulnerabilities to cause public panic.
4. Irresponsible vulnerability disclosure, maliciously spreading vulnerabilities, or publicly disclosing, disseminating, or trading vulnerabilities before they are fixed.
5. Harmful or uncontrollable security testing behaviors.
6. Testing behaviors that violate universally recognized international laws or local regulations.
7. Failure to properly safeguard the data during the vulnerability testing process, resulting in losses to Dongguan Edifier Esports Technology Co.,Ltd.

If you have any questions during the testing process, please feel free to contact Dongguan Edifier Esports Technology Co.,Ltd (support@hecategaming.com), and we will provide detailed guidance.

 

Security report from independent security expert

Dongguan Edifier Esports Technology Co.,Ltd has signed a partnership with Security Corporation, who will provide a security test report for Dongguan Edifier Esports Technology Co.,Ltd’s devices.

When any vulnerability is identified, update the firmware as follows:

1. Vulnerabilities identified by customers, users, etc.
2. A security related review meeting must be held immediately and the corresponding solution needs to be presented. In particular, participants must include security technology manager, project development manager, firmware architecture manager, and Technical Director.CVSSv2 will be used as a reference standard for assessing and prioritizing vulnerability.
3. According to the solution, the developer performs the specific implementation.
4. Code review. Reviewers should include security technology manager and project development.
5. Release firmware.
6. QA team test the firmware. If there are any problems, go back to step three.
7. Code merged into trunk branch.
8. The project manager notify customers that they need to update the software and get customer’s upgrade confirmation.
9. Publish OTA for Dongguan Edifier Esports Technology Co.,Ltdproducts updating.

Security response plan

If security incident arises, the incident must be treated as the highest priority urgent. CEO and CTO must be aware of this incident and participate in incident handling. If the incident is a software maintenance issue,then it will be handled according to the process of the “Software maintenance update strategy” in this document. A tripartite meeting should be held immediately. The participants are Dongguan Edifier Esports Technology Co.,Ltd,OEMS. The meeting needs to collecting information , clarify the situation of the accident,and estimated timelines for remediation of a incident. If there is a special major impact incident, Dongguan Edifier Esports Technology Co.,Ltd will discuss the timelines for remediation with customer.