公司
产品
解决方案
开发者
支持
新闻与活动
工作机会
CN
CN
EnglishChinese
Ampere Computing Logo
Ampere Computing Logo
解决方案
解决方案主页
平台系统
解决方案
性能总览
Reference Architecture Overview
Tuning Guides Overview
工作负载简介概览
如何购买
Ampere 系统
Ampere Altra
Azure
Equinix
甲骨文
腾讯云
谷歌云
Ampere AI 下载工作原理常见问题
AI 框架
Arm 原生应用软件合作伙伴Arm 原生用例常见问题
AIC 解决方案回归测试
Web 服务架构应用常见问题
Web 服务回归测试
云原生
大数据架构组件框架常见问题
大数据解决方案回归测试
视频服务架构
视频
开发者
开发者中心部署云应用使能开源社区把数据用起来构建云应用设计云应用
支持
支持主页产品获取帮助
CN
CN
EnglishChinese
Hero Image

产品安全

The Ampere Security Team proactively searches for and responds to all reported security vulnerabilities on all our products. We are committed to rapidly mitigating security vulnerabilities affecting our products and providing clear guidance to the security community, customers, partners, and end users on the solution, impact, severity and mitigation of any issues.

Security Bulletins

Product Security Bulletins are listed below. Click on the Title link in the table to view more details.

Bulletin IDTitleCVESPublished DateLast Updated
AMP-SB-0001 Impact of Spectre BHB on AmpereCVE-2022-253683/8/20223/8/2022
AMP-SB-0002Altra SPI-NOR SMCCVE-2022-322956/29/20226/29/2022
AMP_SB_0003PlatypusCVE-2021-454548/11/20228/11/2022
AMP-SB-0004Retbleed CVE-2022-374598/11/20228/11/2022
AMP-SB-0005Hertzbleed CVE-2022-358888/11/20228/11/2022

Reporting a Potential Security Vulnerability

If you have discovered a potential security vulnerability in an Ampere product, please contact the Ampere Security Team at psirt@amperecomputing.com. Please include the following details:

  • The product(s) and version(s) affected
  • Detailed description of the vulnerability including steps necessary to replicate the issue
  • Known exploits

For non-product related security vulnerabilities, please email us at BugBounty@amperecomputing.com

Ampere treats all security vulnerability information as extremely sensitive and we recommend that all security vulnerability reports sent to Ampere be encrypted using the Ampere PGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGJZrawBEACxcBCz2vHJAZUEf7adgRAdu7EjvGhcrPcPfuwd0Idtb93U+njgtsV6Lk3dN6GLnNI/zimRjE3yalXplkvN4Ow4fk05lYpXo1Yx8RuXJjEwjdGl7yS2nP3apIPifXo8/7OxEhtTrh5F3nz9KcYF8iImjqvCPRpwWybEEgHm5Dj/QRwA5Kp/NIMADIaOvlhs8HFu2dAx7sRCqQ/VzCnlf516FpONQ4XQylkN7pI0Brj7RQ9W7LvTlZj38xGTxRiJhMDoasLyuNxcOk6jmcwqHeC0dGAfYzLMXdfbZnRn3KTTZw0rRHJxovW8AfvHZ9sAeAm1DMxx8wphdGAmXghGX44YRLEaRiIpSIQJTlHQa4Pm2Rkb+eDENbkj9nO5Pqo4hFfINE37NMXRa68ozY6dd0JLIxUP4KvorS3XjIH4OWQsZTzoPU5M0AqzEj8662WmJCJb2GP6Wy0QGoABmW4OpLNewMNoI9P2nomPZTqXds+95LCkaPDKmI+RGD1S7w6skjiDsFrdkRznxqgGrY2Tn7AoUXOEGgi+UZAYlhQdiqZP0uc/W/VQVYSNeQle1eNJX3vMMPn7mHa2IWC7/hT8Am9I3+89zNEWT3363fbos1jdPGX/oMnzqrawcfCn98Eo/YF8LELVY71gA2MUbNjz2I4kPXohWk7mNtnOMSLpq5XmQwARAQABtEVBbXBlcmUgUHJvZHVjdCBTZWN1cml0eSBOb3RpZmljYXRpb24gPGl0c2VydmljZXNAYW1wZXJlY29tcHV0aW5nLmNvbT6JAlQEEwEIAD4WIQQajFFi4fqe0ftZRt/AwuzeyW0GawUCYlmtrAIbAwUJEs/xXgULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDAwuzeyW0GawCID/9ki6l9RJaMJMq00OMO4J3CefpPcONTm6RMKmgKVvNQJ3bX9p/PLz3vATisfWgyhVQKrNuvVENelAR8s6YzaE1gnyybcWyRRk55v+NjfmkneYf3m7zL83vNYOtg/88ZWYf16EuK/Ln3v4Ok9jpND8bg5pvZ4XLT4h7FcvZo42+PX0Nvcirp1i9IE8I8IOB/Um3EA9MesAbdaa2DtMN/IFGqBL6/PuRwxyScjMhq6GY3bPjhpKTrCwixu6HIAcHksAwCw7kYX4rXGn00ISdjY1nXd11z1LDT5D3aCTU9XGGqEyzHFy0HQvmhX/yFi/kNnB+9MAZW+20ecnroBK2qruexhP2OfPTAR8ly1LH7WiTw5g7aFoC8vHyipN8Sslw4MhLDxpNlgoDf72+BIA5ybAUXAPiBgqrNRdQgvGP5WlRYb4sQxgQ3/KrzUZqLC0z38k+GntyZQqFF820LECmLgVlMZUMtvF2AGu4w3lc1+qYP/Zik4+RKjvNOFziS1KYPWXQO7Qhza62GC116ZnXfsxI9vF9crZgvcjwJrFQUMiHYyIpgPnIjuFxFla1sIoQgT0zdVo2ZfnWbL+R/qktobF+8dmniR+4yDnEiZip44hXHF7/6y8IKgRtsCVYZ0VPwLz0bCUS6s1fzBkvJPWvrF9EEiNi9D1qOBV2f3MfoJVrULrkCDQRiWa2sARAAwGh6WiI8EmvNKnqMNuHHZMwCMd+7tCbaxzif6bpXOD620CMorZD5noRm3Q64IR7pKw7aogWaAM3bfvU5O/NlFqSF7Ve9yuOI9EM/4/tNTOeAXl0CjnKbQNNlldZ5XixwPeSY3ROj0tSBnrSkXm8Cv9RcAeSnyezulpIhaW4/QTWu5ZJvi8YEbsq6A3oF48LO4JmNG5n3vuGnRKHvAv1g7iYpmirNTXpHPq9AF1QFuDC+OIVTX0fNd3Uj1XAKyxQh6R9577HLlWWOBiDsaa2LAU1HHJtJ35Tx9AWa67aSsezDeOhPaahc35ZxKKl2G2pilIpGYZt0O7qdhZO1GgF9cZ/oUeEK32Q/qC+M1sBuqMVzej2jiWioVnFd4pHb7kKf932qD2ULF6r2Y8weEdu4I4rXwdWk6RjkFfFKrzOe3QE12JSKJIQmmebCpWYPihEoOX7KdQFllozTIHFM8ta7/Cw617ZFQWuLMo3wZHnCb4XTSWo9WX5Joit7udRfYblsWXPAwJIu3kVks984AGljTgdgs0Y0HyuI+0Ju4ZURZNXTgXUlsC+VoOYQKODrW+ocN9u6VAr4IfjJ0emOUtI+671mQi/U/naUQiUk9CpPaDHL7FPgli1DlJxEIO0ML2oqpT7o9GfscUkVxGeQZSJT1CvbHaG/uD7+GZ0GYfQQZLMAEQEAAYkCPAQYAQgAJhYhBBqMUWLh+p7R+1lG38DC7N7JbQZrBQJiWa2sAhsMBQkSz/FeAAoJEMDC7N7JbQZr3y0QAIn46WkC3B5oGZ5RvQ93ioIZG6wAEugy17ATzbp7lvUKz1Kbfm3crrj6gjNdkTPS2xJ2xpRzSXsNi7Cn8ByJ2ISlPNi6Nf/oR6Xbw9+5/QoGpGInHv36v4MeZIegq18+J2xTLskwaLyxWIanuedgtLvGhIgZZkeUOOTT6LqB7V2uYiwvosWtM+LSYBvOGYpRFHsyH/DZFF3HBKbP8Nmie8vszKDs89Yuwy91pOSxt+9ojov4nsiEcuy8lod+LWpxKASbxWTzXdEi2GQuyi+5BIXKO0mvfoo04yUV3HWdWTQy6rCqZYl33RD9MxPonT1uFXL4IE2WmKY+CA7c98Ov9RLtxxemOs1UCPtATYX8IgusoDR3UBqbpNG8OWN8bBitu0514QKmzoHkE5M+jdU9dNvC0irLahReqlaFZO/Ktc4WpLe04AmVjhzVsI8JmedrOGdT7NUbhxXBHTGTyOUKSaVGlht1oDrBxDJb9CnhKYlSvCG2M752ARvgSjif+6DUhu5B+URBY3b0ktR75UYKKxjd2uggwvtR53TUK4lZgOszwq7vPY0LFmPDwdCOr3P74891eqgGIAlMaduCrOHYKDhj/k/EIe2E68nsNgRxvV66m0j9fTmixyXN6LlRfR5XfRggxWJbFSEEy1ZRzp0R227clcJ6Y7u0QAmyxfLZJK6s=ub9j

-----END PGP PUBLIC KEY BLOCK-----

Software and instructions to encrypt messages may be obtained from: OpenPGP or GnuPGP

Publication of Security Information

Ampere publishes all security information regarding security vulnerabilities in Ampere products, including any fixes, workarounds or other actions at the Ampere Product Security Center. Ampere also publishes mitigated vulnerabilities to public bug databases such as CVE .

Vulnerability Handling Process

All security vulnerabilities in Ampere products are actively managed through a well-defined process in compliance with the best practices per CVE.org to follow industry standards. The time to mitigate a vulnerability varies based on the scope of the issue.

The process follows these steps:

  • Discovery: The process begins when the Ampere Security Team becomes aware of a potential security vulnerability in an Ampere product. The reporter receives an acknowledgement and updates throughout the process.
  • Evaluation: The Ampere Security Team confirms the potential vulnerability, assesses the risk, determines the impact, and scores the issue using CVSS.
  • Mitigation: The Ampere Security Team works with the product team and partners to develop a solution that mitigates the security vulnerability. In cases where a vulnerability is being actively exploited, Ampere may deliver a temporary solution to contain the issue while working on the complete solution.
  • Communication: The Ampere Security Team publishes a security advisory at Ampere Product Security Center for fixed issues. Ampere Computing communicates with customers through a variety of methods. Ampere will acknowledge the reporter in the advisory if requested.

DISCLAIMER

All data and information contained in or disclosed by this document are for informational purposes only and are subject to change.

This page may contain technical inaccuracies, omissions and typographical errors, and Ampere® Computing LLC, and its affiliates (“Ampere®”), is under no obligation to update or otherwise correct this information. Ampere® makes no representations or warranties of any kind, including express or implied guarantees of noninfringement, merchantability or fitness for a particular purpose, regarding the information contained in this document and assumes no liability of any kind. Ampere® is not responsible for any errors or omissions in this information or for the results obtained from the use of this information. All information in this presentation is provided “as is”, with no guarantee of completeness, accuracy, or timeliness.

This page is not an offer or a binding commitment by Ampere®. Use of the products and services contemplated herein requires the subsequent negotiation and execution of a definitive agreement or is subject to Ampere’s Terms and Conditions for the Sale of Goods.

This document is not to be used, copied, or reproduced in its entirety, or presented to others without the express written permission of Ampere®.

The technical data contained herein may be subject to U.S. and international export, re-export, or transfer laws, including “deemed export” laws. Use of these materials contrary to U.S. and international law is strictly prohibited.

©2022 Ampere® Computing LLC. All rights reserved. Ampere®, Ampere® Computing, Altra and the Ampere® logo are all trademarks of Ampere® Computing LLC or its affiliates. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

Created At : December 26th 2022, 5:18:10 am
Last Updated At : December 29th 2022, 8:48:41 am
Ampere Logo

Ampere Computing

4655 Great America Parkway

Suite 601 Santa Clara, CA 95054

Tel: +86-021-64338766

info[at]amperecomputing.com

关于我们
联系我们
隐私政策
Cookie 使用政策
CCPA 政策通知
站点地图
image
image
© 2022 Ampere Computing LLC. All rights reserved. Ampere, Altra and the A and Ampere logos are registered trademarks or trademarks of Ampere Computing.