[et_pb_section fb_built=»1″ _builder_version=»4.7.7″ _module_preset=»default»][et_pb_row _builder_version=»4.7.7″ _module_preset=»default»][et_pb_column type=»4_4″ _builder_version=»4.7.7″ _module_preset=»default»][et_pb_text _builder_version=»4.9.4″ _module_preset=»default» hover_enabled=»0″ sticky_enabled=»0″]<\/p>\n
2. Purpose<\/b> 3. Scope<\/b> 4. Governance and Roles<\/b> 5. Vulnerability Identification<\/b> 6. Classification and Risk Assessment<\/b> 7. Remediation Process<\/b> 8. Update and Release Process<\/b> 9. Customer Responsibilities<\/b> 10. Review and Testing<\/b> 11. Audit Logging and Change Tracking<\/b> [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" [et_pb_section fb_built=»1″ _builder_version=»4.7.7″ _module_preset=»default»][et_pb_row _builder_version=»4.7.7″ _module_preset=»default»][et_pb_column type=»4_4″ _builder_version=»4.7.7″ _module_preset=»default»][et_pb_text _builder_version=»4.9.4″ _module_preset=»default» hover_enabled=»0″ sticky_enabled=»0″] Vulnerability Management Policy 1. IntroductionThis document defines how vulnerabilities in the DeskCamera software are tracked, assessed, and resolved. DeskCamera is an offline, on-premises application that streams screen data locally to NVR\/VMS systems. It does not record video or audio and does not […]<\/p>\n","protected":false},"author":2240,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":""},"_links":{"self":[{"href":"https:\/\/www.deskcamera.com\/ru\/wp-json\/wp\/v2\/pages\/15401"}],"collection":[{"href":"https:\/\/www.deskcamera.com\/ru\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.deskcamera.com\/ru\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.deskcamera.com\/ru\/wp-json\/wp\/v2\/users\/2240"}],"replies":[{"embeddable":true,"href":"https:\/\/www.deskcamera.com\/ru\/wp-json\/wp\/v2\/comments?post=15401"}],"version-history":[{"count":0,"href":"https:\/\/www.deskcamera.com\/ru\/wp-json\/wp\/v2\/pages\/15401\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.deskcamera.com\/ru\/wp-json\/wp\/v2\/media?parent=15401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
1. Introduction<\/b>
<\/b>This document defines how vulnerabilities in the DeskCamera software are tracked, assessed, and resolved. DeskCamera is an offline, on-premises application that streams screen data locally to NVR\/VMS systems. <\/span>It does not record video or audio and does not collect personal data. An optional connection to cloud infrastructure may occur solely for licensing or update-checking purposes. In no case is any personal data transmitted during such a connection.<\/span><\/p>\n
<\/b>Ensure the security and reliability of DeskCamera by minimizing exposure to known vulnerabilities through structured assessment, remediation, and updates.<\/span><\/p>\n
<\/b>Applies to all versions of the DeskCamera software, internal development systems, code repositories, and all third-party components integrated into the software.<\/span><\/p>\n
<\/b>\u2022 <\/span>CTO<\/b> \u2013 Owns the policy and reviews critical vulnerabilities<\/span>
<\/span>\u2022 <\/span>Development Team<\/b> \u2013 Responsible for monitoring, assessing, and resolving issues<\/span>
<\/span>\u2022 <\/span>Security Lead<\/b> \u2013 Coordinates vulnerability response and external communication (if needed)<\/span><\/p>\n
<\/b>\u2022 Continuous monitoring of CVE feeds and vendor advisories for dependencies<\/span>
<\/span>\u2022 Internal code reviews and static analysis tools during development<\/span>
<\/span>\u2022 Bug reports from customers and ethical researchers via support@deskcamera.com<\/strong><\/span><\/p>\n
<\/b>\u2022 Vulnerabilities are categorized as Emergency<\/strong><\/span>, <\/span>High<\/b>, <\/span>Medium<\/b>, or <\/span>Low<\/b> based on CVSS and business impact<\/span>
<\/span>\u2022 Risk score considers likelihood of exploitation, impact on functionality, and exposure surface<\/span><\/p>\n
<\/b>\u2022 <\/span>Emergency\/High<\/b> vulnerabilities addressed within 5 working days<\/span>
<\/span>\u2022 Security patches integrated into next available release after testing<\/span>
<\/span>\u2022 Dependencies updated proactively if any known risk emerges<\/span><\/p>\n
<\/b>\u2022 Builds are signed using a secure certificate stored on offline USB media<\/span>
<\/span>\u2022 New installers published to official DeskCamera website<\/span>
<\/span>\u2022 Customers are notified via the Security Advisories section (if applicable)<\/span><\/p>\n
<\/b>\u2022 Clients are responsible for downloading and installing updates manually<\/span>
<\/span>\u2022 DeskCamera cannot push updates or access customer environments, reinforcing the need for clients to follow best security practices<\/span><\/p>\n
<\/b>\u2022 This policy is reviewed <\/span>annually by the CTO<\/b>
<\/b>\u2022 Version control maintained via GitHub<\/span>
<\/span>\u2022 Vulnerability management practices may be refined following any security incident or advisory<\/span><\/p>\n
<\/b>\u2022 All code changes and access history are logged automatically via Azure DevOps Server source control<\/span>
<\/span>\u2022 Commit history, user activity, and permission changes are recorded in the internal SQL Server database of Azure DevOps Server<\/span>
<\/span>\u2022 Git commit trails are retained for all versions, and role-based access control ensures traceability<\/span>
<\/span>\u2022 The audit trail aligns with ISO 27001 and SOC 2 recommendations for secure software development<\/span><\/p>\n