Details

Report a Security Vulnerability

The Juniper Networks Security Incident Response Team has an email alias that makes it easy for customers and others to report potential security vulnerabilities.

Please report any potential or real instances of security vulnerabilities with any Juniper Networks product to the Juniper Networks Security Incident Response Team at [email protected]. For immediate assistance, JTAC is available 24 hours a day by calling 888-314-JTAC (North America) or +1-408-745-9500.

When should I send a message to [email protected]?

When you have found a security vulnerability with a Juniper Networks product.

When should I NOT use [email protected]?

When you need technical assistance (for example "how do I configure my firewall").
When you are notifying Juniper of vulnerabilities that are already public knowledge such as from the Bugtraq mailing list.
When you are asking for help in applying upgrade packages that have been distributed because of security alerts.
When you are reporting a vulnerability in another vendor's products, or requesting information regarding a vulnerability in another vendor's products.
When you are asking about any other non security-related issues.
When you are reporting malware found on a mobile device.
In any of these situations you should contact our technical support team first. If our technical support team recognizes a security issue they will escalate it to the Security Incident Response Team.

Who reads email sent to [email protected]?

The Juniper Security Incident Response Team, which is a restricted and carefully chosen group of Juniper employees, monitors this email address. No outside users can subscribe to this list.

What information should I send to [email protected]?

When you contact the list please give as much information as possible. We encourage you to encrypt any sensitive information you send to us using our public key, visible at the bottom of this page and available at various key servers.

How do we respond to a notification?

All issues reported to the Security Incident Response Team will be investigated. Patches will be generated where necessary and a security advisory will be released. Unless you inform us otherwise, it is our usual practice to cooperate with other affected security vendors and organizations such as CERT/CC to share vulnerability information and patches. However, we will never forward the email that you send to us, and we will not pass on any information that could identify you, your company, your machines, or your configuration.

Please note: Juniper does not provide an advance notification service. Security patches and advisories are freely available from our web site.

Report a Security Vulnerability

The Juniper Networks Security Incident Response Team has an email alias that makes it easy for customers and others to report potential security vulnerabilities.

When should I NOT use [email protected]?

When you need technical assistance (for example "how do I configure my firewall").

When you are notifying Juniper of vulnerabilities that are already public knowledge such as from the Bugtraq mailing list.

When you are asking for help in applying upgrade packages that have been distributed because of security alerts.

When you are reporting a vulnerability in another vendor's products, or requesting information regarding a vulnerability in another vendor's products.

When you are asking about any other non security-related issues.

When you are reporting malware found on a mobile device.

In any of these situations you should contact our technical support team first. If our technical support team recognizes a security issue they will escalate it to the Security Incident Response Team.

How do we respond to a notification?

Please note: Juniper does not provide an advance notification service. Security patches and advisories are freely available from our web site.