Security

Security researchers may notify Boompods of any security vulnerabilities they may find in our devices.

 

Boompods official website: https://www.boompodsusa.com/

 

Contact Boompods support department at:  https://boompodsusa.com/pages/contact-us

 

When any vulnerability is identified, Boompods will update any firmware using the following procedure:

 

1. Vulnerabilities identified by researchers, customers or users, etc.
2. A security related review meeting will be held immediately with our product designers, and a corresponding set of solutions will be presented. Participants must include a security technology manager, project development manager, firmware architecture manager, and Technical Director. CVSSv2 will be used as a reference standard for assessing and prioritizing vulnerability.
3. According to the solution required to be implemented, our product designers/developers will perform the specific implementation.
4. Code review. Our product designers/developers will include security technology manager and project development information relevant to the solution found and implemented.
5. Release firmware for test candidate.
6. Test candidate firmware is then tested for use by QA team. In the event of any further issues or problems, an iteration step is taken to further refine the fix implementation. The iteration begins from step 3 identified above.
7. Test candidate is then merged with master development branch.
8. The project manager will then notify customers that a new update is available for their product, where a method will be provided to download and update the product software.
9. Perform OTA on the corresponding product or device.