····
····
····
····
····

Product Security
Incident Response Team

We protect the integrity of Cheery Energy products by working with security researchers, customers, and partners to handle vulnerabilities with professionalism and transparency.

ISO/IEC 29147 Compliant 🔐 PGP Encrypted ⏱ 2-Day Acknowledgement
About

What is PSIRT?

The Cheery Energy Product Security Incident Response Team is a dedicated group responsible for receiving, investigating, coordinating, and disclosing security vulnerabilities in our products. We operate under ISO/IEC 29147 and ISO/IEC 30111 standards.

Triage & Validation

Receive vulnerability reports from researchers, customers, and the public. Classify and validate every submission.

Cross-Team Coordination

Coordinate with R&D, product management, and quality teams to develop and test mitigations.

Advisory Publication

Publish security advisories with coordinated disclosure, providing customers with clear mitigation guidance.

Continuous Improvement

Feed vulnerability insights back into the product development lifecycle to raise the security baseline.

Vulnerability Reporting

Report a Security Vulnerability

We highly value coordinated vulnerability reports from the security community — researchers, academics, customers, and partners alike.

1

Prepare Your Report

Document the affected product model, firmware version, detailed vulnerability description, reproduction steps, and impact assessment.

2

Encrypt with PGP

Use our PGP public key below to encrypt sensitive vulnerability information before sending.

3

Send to PSIRT

Email your encrypted report to psirt@cheeryenergy.com.

4

Receive Acknowledgement

We commit to acknowledging receipt within 2 business days and will assign a tracking ID to your case.

📧 Report a Vulnerability

Encrypt your findings with our PGP key and send to:

PGP Public Key — Download

Download our PGP public key to encrypt sensitive vulnerability reports.

Download PGP Key pgp-key.asc · 5.6 KB
Key ID: 0x1FB75A431A170A83
Fingerprint: 5874 6D75 5119 C7F0 E3A3 E8AA 1FB7 5A43 1A17 0A83
User ID: Cheery Energy PSIRT <PSIRT@cheeryenergy.com>

If this is your first contact with PSIRT, or your PGP key has changed, please attach your PGP public key to your initial email for end-to-end encryption.
Security Advisories

Published Advisories & CVEs

Security advisories for Cheery Energy products, published under our coordinated disclosure policy once mitigations are available.

Advisory ID Affected Product Severity CVE Date
Loading advisories…
Disclosure Policy

Coordinated Vulnerability Disclosure

Cheery Energy follows the Coordinated Vulnerability Disclosure (CVD) model. We ask reporters to:

What to Include in Your Report

To help us triage and validate efficiently, please include as much of the following as possible:

Affected Product

Model number, hardware revision, firmware/software version.

Vulnerability Details

Type (CWE reference), affected component or functional module.

Reproduction Steps

Detailed steps, proof-of-concept code (if available), test environment configuration.

Impact Assessment

Potential security impact, suggested CVSS score if available.

Timeline

Date of discovery, whether already public, any planned disclosure timeline.

Contact Information

Reporter name/alias, PGP public key, preferred method of contact.

Process Timeline

1

Acknowledgement

Confirmation within 2 business days. Tracking ID assigned.

2

Triage

PSIRT assesses validity and severity (CVSS scoring).

3

Remediation

Product teams develop fixes or mitigations in coordination with PSIRT.

4

Coordinated Disclosure

Disclosure date agreed with reporter. Security advisory published.