Product Security

Product Security Statement

BIG is committed to ensuring the security of its products and protecting customers from cybersecurity risks. We take a proactive approach to product security and follow industry best practices for secure development, risk management, and vulnerability handling.

We support responsible vulnerability disclosure and encourage security researchers, customers, and partners to report any potential security issues. All reported vulnerabilities are reviewed and addressed through our internal security management process.

Security Contact

For reporting security vulnerabilities or raising security-related concerns, please contact us at:
Email: security@fsbig.com

Vulnerability Disclosure Policy

BIG welcomes reports of potential security vulnerabilities from customers, partners, and independent security researchers.

If you believe you have identified a vulnerability in our products, please report it to us using the contact email provided above.

We kindly request that:

  • Vulnerabilities are reported responsibly and in good faith
  • Sufficient detail is provided to allow us to reproduce and investigate the issue
  • The vulnerability is not publicly disclosed until we have had a reasonable opportunity to assess and resolve it

We are committed to working collaboratively with reporters to understand and remediate valid security issues.

Vulnerability Handling and Response Process

BIG follows a structured process for handling reported vulnerabilities:

  • Acknowledgment: We aim to acknowledge receipt of vulnerability reports within 5 business days
  • Assessment: Our security team evaluates the report to determine its validity and potential impact
  • Investigation: We conduct a detailed analysis and, where necessary, coordinate with suppliers and technology partners
  • Remediation: Appropriate corrective actions are identified and implemented
  • Communication: We may provide updates to the reporting party where appropriate

Security Updates Policy

BIG works continuously to maintain product security throughout the product lifecycle.

Where applicable and technically feasible, we provide:

  • Security updates
  • Bug fixes
  • Corrective actions

These updates are delivered in accordance with:

  • Customer agreements
  • Product support policies
  • Technical and operational feasibility

Compliance

This Product Security page is provided in support of compliance with applicable cybersecurity regulations and standards, including:

  • UK PSTI (Product Security and Telecommunications Infrastructure)
  • EU RED Cybersecurity Requirements
  • EN 18031

These frameworks require manufacturers to demonstrate effective vulnerability management and security response capabilities.

Additional Information

We are committed to continuously improving our cybersecurity practices and aligning with evolving regulatory and industry requirements.

For further information or questions regarding product security, please contact us using the details above.