About the Blueberry PSIRT

The Blueberry Product Security Incident Response Team (PSIRT) is responsible for receiving, triaging, fixing, and disclosing security vulnerabilities in Blueberry-operated products.

Scope

The PSIRT handles security issues affecting:

• Volts AIoT Suite (cloud backend services)
• Volts Gateway hardware and firmware (v1 HLK-7688A, v2 HLK-7621A)
• Volts mobile applications (iOS and Android, bundle id com.blueberry.iot)
• Blueberry-operated corporate infrastructure where it intersects with product security

Structure

The PSIRT is a corporate function of Blueberry Software AD. It operates as a shared service for the entire Blueberry group, including affiliated entities such as Volts EOOD. The issuer of record on every advisory is Blueberry Software AD, regardless of which group entity placed the affected product on the market.

Standards and process

We follow the principles of:

• Coordinated Vulnerability Disclosure (CVD)
• ISO/IEC 29147 (vulnerability disclosure)
• ISO/IEC 30111 (vulnerability handling)
• OASIS CSAF 2.0 for machine-readable advisories
• EU Cyber Resilience Act (Regulation (EU) 2024/2847), Article 14 reporting
• RFC 9116 for the security.txt contact convention

Contact

security@blueberry.bg — encrypt with our PGP key when sending sensitive material.

For non-security questions, please use the regular product support channels.