Report potential product security vulnerabilities

About ST PSIRT

ST's Product Security Incident Response Team (ST PSIRT) supervises the process of accepting and responding to potential security vulnerabilities involving ST hardware and software products.

ST places a high priority on security, and ST PSIRT is committed to rapidly addressing potential security vulnerabilities affecting our products. Our long history and vast experience in security allows ST to preform clear analyses and provide appropriate guidance on mitigations and solutions when applicable.

If you wish to report a potential security vulnerability regarding our products, we encourage you to report it to ST PSIRT by following the steps described on this page.

How to report a potential security vulnerability

To report a potential security vulnerability, please contact ST PSIRT at psirt@st.com.
All exchanges and reports should be provided in English.

Because of the sensitive nature of such reporting, the ST PSIRT highly encourages all submitted security vulnerability reports to be sent encrypted, using the ST PSIRT PGP/GPG Key:

  • Fingerprint: F2B8 13E0 6AD0 CBD0 81B9 FA94 0FEE E399 08AE 602C
  • Public Key File (ZIP, 3 KB)
Free software to read and author PGP/GPG encrypted messages may be obtained from:
IMPORTANT-READ CAREFULLY:

STMicroelectronics International N.V., on behalf of itself, its affiliates and subsidiaries, (collectively “ST”) takes all potential security vulnerability reports or other related communications (“Report(s)”) seriously. In order to review Your Report (the terms “You” and “Yours” include your employer, and all affiliates, subsidiaries and related persons or entities) and take actions as deemed appropriate, ST requires that we have the rights and Your permission to do so.

As such, by submitting Your Report to ST, You agree that You have the right to do so, and You grant to ST the rights to use the Report for purposes related to security vulnerability analysis, testing, correction, patching, reporting and any other related purpose or function.

Recommended information to include in your report

To allow ST PSIRT processing the potential discovered security vulnerability, you should provide the following information:

  • ST product identification: part number or product reference and version (hardware or software)
  • Complete technical description of the potential vulnerability, including any related known exploits
  • How and when the potential vulnerability was discovered
  • Any public information already published or publication planning (CVE, academic paper publication, etc.)
  • Your contact information to use during the process

Insufficient information may prevent ST from evaluating the request.

Vulnerability management process

Once submitted, ST PSIRT will manage the reported vulnerability according to the following process:

  1. Reporting a new vulnerability: At this stage, ST PSIRT will acknowledge the reception of the reported issue.
  2. Evaluating: ST PSIRT will evaluate the potential vulnerability to understand if there is an issue, analyze it, and set a priority to manage valid issues. ST PSIRT may come back to the submitter in case some information is missing from the original report or if clarification is needed.
  3. Solving: ST PSIRT will investigate potential solutions and mitigations to address the issue.
  4. Communicating: Once a solution is available (fix or mitigation), ST PSIRT will communicate back to the submitter and others where appropriate.

Public security advisories

The above should not be deemed a complete list of all security incidents related to ST Products. If you wish to find out more about the security status of a particular ST Product, please contact your ST sales representative.

製品

検索履歴

ブックマーク

Please log in  to show your saved searches.

戻る
戻る
戻る