Report a Security Vulnerability
Security vulnerabilities relating to Wyze products are actively managed through a well-defined process. The time to respond varies based on the scope and priority of the issue. The process consists of 4 key steps:
-
Reporting: The process begins when the Wyze Cybersecurity team becomes aware of a potential security vulnerability in a Wyze product or service. The reporter receives an acknowledgement and updates throughout the handling process.
-
Evaluation: The Wyze Cybersecurity team confirms the potential vulnerability, assesses the risk, determines the impact and assigns a processing priority. If the vulnerability is confirmed, the priority determines how the issue is handled throughout the remaining steps in the process.
-
Solution: Working with the product team, the Wyze Cybersecurity team develops a solution that mitigates the reported security vulnerability. Solutions will take different forms based on the vulnerability. In cases where a vulnerability is being actively exploited, Wyze may deliver a temporary solution to contain the issue while working on the full solution
-
Communication: The Wyze Cybersecurity team publishes a security advisory for severe issues. Less severe issues are communicated through other methods.
If you have discovered a potential security vulnerability in Wyze products or services, please contact the Wyze Cybersecurity team at security@wyze.com.
A member of the Wyze Cybersecurity team will review your e-mail and contact you to collaborate on resolving the issue. It is important to include the following details:
- Detailed description of the vulnerability
- The products and versions affected
- Device MAC Address (ID)
- Account Email address
- Time of the issue
- Submitted Log ID from the mobile app