Product Security Policy

Shanghai Rockcore Electronics Technology Co., Ltd. focuses on the research, development, production, and sales of new energy systems centered on photovoltaic microinverters. Our main products include photovoltaic microinverters and PV energy storage systems. With complete intellectual property rights for our core products and over a decade of experience in the distributed photovoltaic sector, we are committed to providing safe, efficient, and convenient photovoltaic system solutions to users worldwide.

This policy applies to any vulnerabilities you are considering reporting to us. We recommend reading this policy in full before submitting a report and adhering to its guidelines.

Reporting Vulnerabilities

If you believe you have discovered a security vulnerability, please report it to us via the following email:

info@rockcore.com.cn

In your report, please include:

Vulnerability Details

¡  e The asset where the vulnerability can be observed (e.g., web address, IP address, product, or service name).

¡ T  Title of the vulnerability.

¡ A  A description of the vulnerability, including a summary, supporting files, and possible mitigation measures or recommendations.

¡ I   Impact (what an attacker could achieve).

¡ S  Steps to reproduce the issue. These should be benign, non-destructive proof-of-concept steps. This helps ensure the report can be promptly and accurately triaged, reducing duplicate reports or malicious exploitation of certain vulnerabilities, such as subdomain takeovers.

Optional Contact Information

¡ N   Name

¡      Email address

What to Expect

After submitting your report, we will respond within 5 working days and aim to triage your report within 20 working days (resolution time may vary depending on the severity of the issue).

The priority for remediation is determined based on impact, severity, and exploit complexity. Vulnerability reports may take time to triage or address.

Once the reported vulnerability has been resolved, we will notify you and may invite you to confirm whether the solution adequately addresses the vulnerability.

Guidelines

Please DO NOT:

Violate any applicable laws or regulations.

Disrupt the company's services or systems.

Modify data in the company's systems or services.

Use invasive or destructive scanning tools to find vulnerabilities.

Access unnecessary, excessive, or sensitive data.

Attempt or report any form of denial-of-service attack, such as overwhelming a service with a high volume of requests.

Statement of Software Support Period

Product Name：RCMI、RC-C

Duration of Support Period：Technical support services will be provided for 3 years from the date of product delivery/release.

Time Range of Support Period：

· Start Date: July 30, 2025

· End Date: July 30, 2028

Description of Support Content：
During the above-mentioned support period, we will provide the product with technical support services including but not limited to the following：

· Software bug fixes (with response levels corresponding to the severity of the bug)

· Necessary version updates and patch pushes

· Technical consultation and troubleshooting (handled through official customer service channels)

· Updates and maintenance of relevant documents

Shanghai Rockcore Electronics Technology Co.,Ltd.
Release Date: July 30, 2025