General Electric

#Security Concern & Compliance Reporting
At GE, security and compliance are, and always will be, top priorities.

If you believe you have detected a vulnerability or risk to a GE product or service, or if you wish to contact us regarding a compliance matter, we want to hear from you and are committed to quickly resolving your concerns.

##Product & Services Security (a Product or Service Vulnerability, Exploit or Compromise) If you believe you have discovered a vulnerability, or would like to report a potential security incident in a GE product or service, please contact the GE Product Security Incident Response Team (GE-PSIRT). GE-PSIRT will review and respond to your submission within 48 hours, depending on the severity of the concern.

Please contact GE-PSIRT at [email protected] and include the following details in your email. GE supports encrypted emails via PGP (GE’s public PGP key).

• Subject line must have PSIRT
• GE product name(s) and version(s)
• Description of the concern or vulnerability (e.g. privilege escalation, buffer overflow, SQL injection, cross-site scripting)
• Information to help our team replicate the issue (e.g. configuration details, a proof-of-concept or exploit code)

##Data & Network Security (Cyber Incident Involving GE Data or Phish) If you believe that GE data is at risk or a threat is detected, we will swiftly implement corrective action as appropriate.

Please contact the GE Computer Incident Response Team (GE-CIRT) at [email protected] and include the following details in your email. GE supports encrypted emails via PGP (GE’s public PGP key).

• A brief summary of the activity being reported (i.e. what GE information is being degraded, disclosed or denied)
• Email, domain name or IP address involved
• How the activity was detected