Last Updated: 2023-03-30
DrayTek threat modeling helps developers to identify and prioritize security risks and potential weaknesses. Once DrayTek defects are identified, our team will plan strategies to minimize risks and improve a more secure system, which is the foundation throughout the product development lifecycle.
DrayTek follows local regulations and governmental laws to comply with requirements in every market. We consider data important and preserve data privacy properly.
In the planning stage, DrayTek team dedicates to updating security requirements to accommodate changes in functionality with threat-resistance code.
DrayTek follows a peer review policy to code development each time code is committed. This mechanism ensures oversight to all code development, helps reduce errors, and enhances engineer coding skills, and familiarity with the DrayOS code base. This process reduces security weaknesses and helps with the early identification of bugs.
To enhance professionalism, Draytek developers regularly attend CYBERSEC and external training programs. Documented secure programming principles are followed and we share security programs internally, which educates engineers to ensure robust security knowledge.
DrayTek products use third-party components to detect risks and threats. The vulnerability report shows the risk level and the number of alerts. According to the detailed description, developers make prompt response to fix and make correction before release.
To address new threats efficiently, it’s vital to prepare a quick response plan. DrayTek has a vulnerability disclosure policy, in which we describe the process and the duties of the involved team. The aim of the policy is to establish a rule and provide a new patch as soon as possible to minimize the damage.
For all DrayTek users, we continue supporting firmware updates to ensure up-to-date security features and provide a complete product service. At DrayTek, we understand the importance of information security, which is why we provide a firmware support period to our users beyond the end of the sale date, allowing them to stay up-to-date with the latest firmware updates. This ensures access to regular firmware updates and keeps systems secure.