Report a vulnerability
Bosch PSIRT encourages users and researchers to report security issues.
How to report a vulnerability?
If you believe that you have identified a potential vulnerability or security incident related to a Bosch website, Bosch product, or a data protection issue, please proceed as follows and choose the appropriate way to contact us. The Bosch PSIRT encourages responsible disclosure of vulnerabilities with a view to the longer-term benefits they bring in terms of fixed vulnerabilities, better-informed customers, and continuous improvement of our security.
What information should be submitted?
For website or product vulnerabilities, please report the following information:
Affected product, including model and firmware version (if available), or URL address for website vulnerabilities.
Description of the vulnerability, including proof-of-concept, exploit code or network traces (if available). If a large amount of data needs to be submitted, we are able to offer an easy-to-use service for data transfer.
- Public references, if there is any. Please indicate if the vulnerability has already been publicly disclosed and by whom.
Please, take into account the following considerations before submitting a report:
1. Only emails in English or German languages can be considered.
2. Considerations regarding acknowledgements:
We invite you to report all website vulnerabilities. However previously published vulnerabilities will not qualify for acknowledgement.
- From August 2017, acknowledgements for website vulnerabilities will contain the type of vulnerability found, no exceptions.
Acknowledgements for product vulnerabilities will only contain the researcher's name.
- From December 2018, vulnerabilities categorized as “informational” will not be entitled to an entry on our acknowledgment page.
4. We strongly encourage you to encrypt all e-mail communications with Bosch PSIRT. Our S/MIME and PGP public keys and fingerprints are available at the bottom of each page.