Skip to main


Vulnerability and Incident Management Processes

Making Bosch secure

Overview of the Bosch PSIRT processes


Bosch delivers products that offer the best quality and reliability. The Bosch Product Security Incident Response Team (PSIRT) supports this by helping to resolve security issues identified in Bosch products by security researchers, partners, or customers.

The Bosch PSIRT process consists of four stages, which are based on the FIRST framework:

  • Discovery
  • Triage
  • Remediation
  • Disclosure


A potential vulnerability is reported to the Bosch PSIRT.


Bosch PSIRT cooperates with the relevant Bosch development team to investigate and reproduce the vulnerability. Bosch PSIRT performs internal vulnerability handling in collaboration with the responsible development groups. CERT teams of our customers may be notified about the problem upfront. During this time, regular communication is maintained between Bosch PSIRT and the reporting party.


After the issue is analyzed, it is defined if a fix or mitigation is necessary to address the vulnerability. To the extent possible, the Bosch PSIRT will work with the reporting party to verify and review fixes.
Corresponding fixes will be developed and prepared for distribution.


The Bosch PSIRT in conjunction with the reporting party will create a disclosure schedule. If public disclosure of the vulnerability is agreed upon, the Bosch PSIRT will release a Bosch Security Advisory at in coordination with the reporting party's potential publication plans.

A security advisory usually contains the following information:

  • Description of the vulnerability with CVE reference and CVSS score
  • Identity of known affected products and software/hardware versions
  • Information on mitigating factors and workarounds
  • Timeline and the location of available fixes or other remedial measures
  • With the reporting party's consent, recognition will be provided for reporting and collaboration.

Bosch PSIRT public keys

Search our S/MIME key here
Fingerprint: 87:F1:6F:70:60:D2:94:83:82:AC:69:F5:46:86:7C:80:7F:86:1D:F0

Find our PGP Key here
Fingerprint: F355 92D1 0BB0 617E FA47 3C9D E8F9 BF8B B992 610A