Fortinet
FortiGuard Labs
External Program
Submit bugs directly to this organization
Fortinet
FortiGuard Labs
External Program
Submit bugs directly to this organization
The Fortinet Product Security incident Response Team (PSIRT) responds to vulnerability reports from customers, partners and researchers. Upon submission of a product vulnerability, the Fortinet PSIRT will triage the issue and work with our developers to ensure a timely resolution.
To contact the team about vulnerabilities in Fortinet products or services, please email [email protected]. When reporting a vulnerability, we strongly encourage you to use PGP to encrypt your communications. Our public key and be found here.
Notifying a vendor before publicly releasing details of a vulnerability is a standard practice in the information security industry, and is known as "responsible disclosure". The advance notice allows our PSIRT team to coordinate a software fix or workaround which allows our customers to protect themselves before computer criminals have the opportunity to exploit the issue.
Thez team will make every effort to collaborate with security researchers and vulnerability reporters and provide full credit for disclosed vulnerabilities. We ask that reporters adhere to responsible disclosure guidelines while we remediate reported issues.