Bosch PSIRT
Making Bosch secure

Bosch PSIRT

Vulnerability and Incident Management Processes

Overview of the Bosch PSIRT processes

wd

Bosch delivers products that offer the best quality and reliability. The Bosch Product Security Incident Response Team (PSIRT) supports this by helping to resolve security issues identified in Bosch products by security researchers, partners, or customers.

The Bosch PSIRT process consists of four stages, which are based on the FIRST framework:

  • Discovery
  • Triage
  • Remediation
  • Disclosure

Discovery

A potential vulnerability is reported to the Bosch PSIRT.

Triage

Bosch PSIRT cooperates with the relevant Bosch development team to investigate and reproduce the vulnerability. Bosch PSIRT performs internal vulnerability handling in collaboration with the responsible development groups. CERT teams of our customers may be notified about the problem upfront. During this time, regular communication is maintained between Bosch PSIRT and the reporting party.

Remediation

After the issue is analyzed, it is defined if a fix or mitigation is necessary to address the vulnerability. To the extent possible, the Bosch PSIRT will work with the reporting party to verify and review fixes.
Corresponding fixes will be developed and prepared for distribution.

Disclosure

The Bosch PSIRT in conjunction with the reporting party will create a disclosure schedule. If public disclosure of the vulnerability is agreed upon, the Bosch PSIRT will release a Bosch Security Advisory at psirt.bosch.com in coordination with the reporting party's potential publication plans.

A security advisory usually contains the following information:

  • Description of the vulnerability with CVE reference and CVSS score
  • Identity of known affected products and software/hardware versions
  • Information on mitigating factors and workarounds
  • Timeline and the location of available fixes or other remedial measures
  • With the reporting party's consent, recognition will be provided for reporting and collaboration.
Contact

Bosch PSIRT

E-mail

Bosch PSIRT public keys

Search our S/MIME key here
Fingerprint: 87:F1:6F:70:60:D2:94:83:82:AC:69:F5:46:86:7C:80:7F:86:1D:F0

Find our PGP Key here
Fingerprint: ED:47:BD:35:F9:C8:5A:52:3F:08:A7:B8:55:60:42:DB:20:A6:AB:46