{"id":151280,"date":"2024-02-15T17:00:26","date_gmt":"2024-02-15T17:00:26","guid":{"rendered":"https:\/\/bas-ip.com\/security-policy\/"},"modified":"2025-11-26T14:51:27","modified_gmt":"2025-11-26T14:51:27","slug":"security-policy","status":"publish","type":"page","link":"https:\/\/bas-ip.com\/cs\/security-policy\/","title":{"rendered":"Security Policy"},"content":{"rendered":"<h1 class=\"wp-block-heading\">Vulnerability Disclosure Policy<\/h1>\n\n\n\n<h1 class=\"wp-block-heading\">General information<\/h1>\n\n\n\n<p>BAS-IP follows leading industry practices in managing and responding to security vulnerabilities discovered in our products. It is not possible to guarantee that the products and services provided by our company are entirely free of vulnerabilities. This is not a unique property but rather the normal state of all software and services; what we can guarantee is that at every stage of development we will make an effort to identify and eliminate potential vulnerabilities, thereby reducing the risk associated with deploying BAS-IP products and services in customer environments.<\/p>\n\n\n\n<p>BAS-IP is aware that some standard network protocols and services may have inherent weaknesses that can be exploited. Although BAS-IP is not responsible for these protocols and services, we provide recommendations for reducing the risks associated with BAS-IP products, software and services in <a href=\"https:\/\/basip.atlassian.net\/wiki\/spaces\/HP\/pages\/5046705\/The+practice+of+building+IP+intercom+systems\" target=\"_blank\" rel=\"noopener\">the form of various guides<\/a>.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">What this policy covers<\/h1>\n\n\n\n<p>The vulnerability management policy described in this document applies to all products, software and services under the BAS-IP brand.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">What this policy does not cover<\/h1>\n\n\n\n<p>Some vulnerabilities are not covered by the BAS-IP vulnerability management policy. Please do not send reports of vulnerabilities that are not covered by the vulnerability management policy to <a href=\"mailto:security@bas-ip.com\" data-type=\"link\" data-id=\"security@bas-ip.com\">security@bas-ip.com<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Vulnerabilities requiring <strong>high privileges<\/strong> and\/or <strong>social engineering<\/strong>, which are triggered\/executed with root\/administrator access and\/or require <strong>complex<\/strong> user interaction<\/li>\n\n\n\n<li><strong>Subdomain takeover<\/strong>, for example gaining control of a host pointing to a currently unused service<\/li>\n\n\n\n<li>User <strong>misconfigurations<\/strong> that can be avoided by following the BAS-IP guides<\/li>\n\n\n\n<li>Vulnerabilities in content or applications created by <strong>users or third-party partners<\/strong>, such as applications that can be downloaded and run on BAS-IP devices<\/li>\n\n\n\n<li><strong>Cross-Site Request Forgery (CSRF)<\/strong> or <strong>Cross-Site Scripting (XSS)<\/strong> vulnerabilities that trick the user into visiting a malicious web page or clicking a disguised link while accessing the web interface of a BAS-IP device<\/li>\n\n\n\n<li><strong>Third-party open-source<\/strong> vulnerabilities registered with a CVE identifier, located in software components or packages used in BAS-IP products, software or services. Common examples of such software components include the Linux kernel, OpenSSL, AOSP and others<\/li>\n\n\n\n<li><strong>Missing HTTP(S) security headers<\/strong>, such as X-Frame-Options<\/li>\n\n\n\n<li>Vulnerability reports generated by <strong>third-party network security scanners<\/strong><\/li>\n\n\n\n<li><strong>Unsupported<\/strong> products\/software\/services<\/li>\n\n\n\n<li><strong>Denial of Service<\/strong> (<em>DoS or DDoS<\/em>) tests or other tests that disrupt access to the system or data or cause damage to them<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading\">Obligations<\/h1>\n\n\n\n<p>BAS-IP values and encourages the efforts of researchers in identifying and reporting vulnerabilities in BAS-IP products, software and services. In line with the responsible disclosure process, the BAS-IP product security team will, to the extent of its abilities, respect the interests of researchers through mutual cooperation and transparency throughout the disclosure process.<\/p>\n\n\n\n<p>BAS-IP expects researchers <strong>not to disclose vulnerabilities before the 90-day period or a mutually agreed date has elapsed<\/strong> and to conduct vulnerability research <strong>within legal limits<\/strong>, without causing harm, revealing confidential information or endangering the security of BAS-IP, its partners and customers.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Vulnerability management<\/h1>\n\n\n\n<p>BAS-IP assesses vulnerabilities using the well-known <a href=\"https:\/\/www.first.org\/cvss\/calculator\/3-1\" target=\"_blank\" rel=\"noopener\"><strong>CVSS<\/strong> scoring system<\/a>.<\/p>\n\n\n\n<p>As for vulnerabilities in open-source components, BAS-IP may assess a vulnerability according to its significance in the context of how BAS-IP recommends implementing its products, software and services. Security advisories are usually issued only for BAS-IP-specific vulnerabilities.<\/p>\n\n\n\n<p><strong>Prioritisation<\/strong> once a vulnerability has been assessed and is subject to remediation:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CVSS 3.1 high\/critical (7.0 \u2013 10.0)<\/strong><br>BAS-IP aims to remediate the vulnerability before or within <strong>4 weeks<\/strong> of external disclosure. For open-source components the time frame is usually longer, because BAS-IP depends on external parties for information, fixes and\/or verification<\/li>\n\n\n\n<li><strong>CVSS 3.1 medium (4.0 \u2013 6.9)<\/strong><br>BAS-IP aims to remediate the vulnerability, usually within <strong>2-3 months<\/strong><\/li>\n\n\n\n<li><strong>CVSS 3.1 low (0.1 \u2013 3.9)<\/strong><br>BAS-IP plans to remediate the vulnerability in the <strong>next scheduled release<\/strong><\/li>\n\n\n\n<li>Supported software\/services<br>The support phase of BAS-IP software\/services is determined within the overall software lifecycle process. BAS-IP software\/services are usually supported for <strong>1 year after the end-of-life announcement<\/strong> (<em>end-of-life<\/em>).<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading\">Reporting a vulnerability<\/h1>\n\n\n\n<p>BAS-IP works continuously to identify and mitigate the risks associated with vulnerabilities in our products. Nevertheless, if you have discovered a security vulnerability related to a BAS-IP product, software or service, we strongly recommend that you report the issue <strong>immediately<\/strong>. Timely reporting of security vulnerabilities is key to reducing the likelihood of their practical exploitation. Security vulnerabilities related to open-source software components should be reported directly to the responsible organisation.<\/p>\n\n\n\n<p>End users, partners, suppliers, industry groups and independent researchers who have discovered a potential vulnerability are encouraged to report their findings to <strong><a href=\"mailto:security@bas-ip.com\">security@bas-ip.com<\/a><\/strong> or by filling in the <strong><a href=\"https:\/\/docs.google.com\/forms\/d\/e\/1FAIpQLSdetHDUfdt0Fxk9ctY1-XWJARmQA_2-wBeXVbX2fnweQasVAA\/viewform\" target=\"_blank\" rel=\"noopener\">anonymous form<\/a><\/strong>.<\/p>\n\n\n\n<p><strong>The submitted report should include:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Technical information about the potential vulnerability<\/li>\n\n\n\n<li>Steps to reproduce<\/li>\n\n\n\n<li>Estimated impact and severity if exploited, according to CVSS 3.1<\/li>\n\n\n\n<li>The researcher's own vulnerability disclosure policy, if any<\/li>\n<\/ul>\n\n\n\n<p>You can expect the following from BAS-IP:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First response time: within <strong>3 business days<\/strong> of receiving the initial report<\/li>\n\n\n\n<li>Processing time (from the moment the first response is received): within <strong>10 business days<\/strong><\/li>\n\n\n\n<li>We will be as transparent as possible about the steps we take in the remediation process, including questions and issues that may delay the resolution<\/li>\n\n\n\n<li>We will maintain an open dialogue to discuss issues<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Vulnerability disclosure<\/h2>\n\n\n\n<p>Once a report of a discovered vulnerability has been investigated and confirmed as genuine, BAS-IP starts the <strong>responsible disclosure<\/strong> process. BAS-IP aims to cooperate with the researcher on further details such as the CVSS 3.1 assessment, the content of the security advisory and\/or press release (where relevant), and the external disclosure date.<\/p>\n\n\n\n<p>Upon agreement between BAS-IP and the researcher, the vulnerability will be disclosed externally through the publication of a security advisory and\/or press release by BAS-IP.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Document change history<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><th>Version<\/th><th>Date<\/th><th>Description<\/th><\/tr><tr><td>1.0<\/td><td>15.02.2024<\/td><td>Initial release<\/td><\/tr><\/tbody><\/table><\/figure>","protected":false},"excerpt":{"rendered":"<p>Vulnerability Disclosure Policy General information BAS-IP follows leading industry practices in managing and responding to security vulnerabilities discovered in our products. It is not possible to guarantee that the products and services provided by our company are entirely free of vulnerabilities. This is not a unique property but rather the normal state of all software and services; what we can guarantee is that at every [&hellip;]<\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-151280","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/bas-ip.com\/cs\/wp-json\/wp\/v2\/pages\/151280","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bas-ip.com\/cs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/bas-ip.com\/cs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/bas-ip.com\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bas-ip.com\/cs\/wp-json\/wp\/v2\/comments?post=151280"}],"version-history":[{"count":2,"href":"https:\/\/bas-ip.com\/cs\/wp-json\/wp\/v2\/pages\/151280\/revisions"}],"predecessor-version":[{"id":151346,"href":"https:\/\/bas-ip.com\/cs\/wp-json\/wp\/v2\/pages\/151280\/revisions\/151346"}],"wp:attachment":[{"href":"https:\/\/bas-ip.com\/cs\/wp-json\/wp\/v2\/media?parent=151280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}