Renac PSIRT will strictly control the scope of vulnerability information, limiting it to only personnel involved in handling vulnerabilities for transmission; At the same time, it is also required that the vulnerability reporter keep this vulnerability confidential until it is publicly disclosed.

Renac PSIRT discloses security vulnerabilities to the public in two forms:

1) SA (Security Advisory): Used to publish security vulnerability information related to Renac products and solutions, including but not limited to vulnerability descriptions, repair patches, etc;

2) SN (Security Notice): Used to respond to security topics related to Renac products and solutions, including but not limited to vulnerabilities, security incidents, etc.
Renac PSIRT adopts the CVSSv3 standard, which provides a Base Score and a Temporary Score for each security vulnerability assessment. Customers can also conduct their own Environmental Impact Score as needed.

3) The specific CVSSv3 standards can be found in the following link: https://www.first.org/cvss/specification-document