Product Security Vulnerabilities

Introduction

Product security is an ongoing challenge; the work is never done. At Dialog Semiconductor we recognize that a key element is having an effective process to receive, investigate and fix vulnerabilities identified by others.

The Dialog Product Security Incident Response Team (PSIRT) manages the process so that all potential product security issues, hardware and software, are properly received and addressed with appropriate urgency. For every issue, attention is given to communication through each stage of the process to closure.

How to report a suspected product vulnerability

If you become aware of a vulnerability and have reasonable concern that it could impact any Dialog product, please send an email to PSIRT@diasemi.com detailing your concerns. To enable a speedy and effective response, please ensure that all emails follow the guidelines below:

  1. All emails to be written in English
  2. Description of the potential vulnerability
  3. Reference to any specific end product you believe to be impacted by this vulnerability
  4. Reference to any official source, for example the National Vulnerability Database
  5. Reference to any specific Dialog product, IC and/or Software Development Kit (SDK)
  6. Contact details: name, role & organization

Please understand that the PSIRT@diasemi.com email address is for reporting potential security vulnerability issues only; it is not for general questions related to product security. If we receive emails that are not related to a potential vulnerability, we will reply or redirect your email accordingly.

About the Dialog PSIRT

The Dialog PSIRT is the point of contact for all who have a concern regarding a potential product security issue. The PSIRT will ensure that all reports are quickly directed to the appropriate product teams and that the formal incident process is followed. The PSIRT guides all issues through to closure and will keep the reporter informed of the progress and outlook for each stage in the process.

The Dialog Security Incident Process

The Dialog process conforms to standard industry practices and can be divided into 5 distinct stages:

Intake ➡︎ Triage ➡︎ Analysis ➡︎ Fixes ➡︎ Lessons learned

To ensure a common understanding, the PSIRT will explain each stage of the process to the reporter for all active incidents.

Incident Overview

Below is a list of confirmed vulnerability incidents with a link to the report and product mitigations.

Incident id Description Date
SweynTooth Vulnerability 28 Feb 2020
LPC#4 Non-compliance to hotIncrement in Bluetooth specification 02 July 2020