Reporting Suspected Vulnerabilities

Sungrow supports the responsible vulnerability disclosure and handling process, and encourages security researchers, industry organizations, customers, and suppliers to report suspected Sungrow product vulnerabilities to Sungrow PSIRT. If you have found the vulnerabilities, you can email the description of the vulnerability (including the specific product model, software version, etc.) to psirt@sungrowpower.com  and leave your contact information. Generally, you will get an email of confirmation within 1 working day from submission; an email of verification within 7 working days.Subsequently, we will keep you updated with the latest progress during the vulnerability handling process. 

Throughout the vulnerability handling process, our PSIRT strictly ensures that vulnerability information is transferred only between relevant handlers. We sincerely request you to keep the information confidential until a complete solution is available to our customers. We will take necessary and reasonable measures to protect the obtained data based on legal compliance requirements. We will not proactively share or disclose the data to others unless otherwise required by law or by the affected customer.