Vertiv
External Program
Submit bugs directly to this organization
Vertiv
We are committed to providing secure products to our customers and take all security concerns seriously. We work to quickly review, validate and remediate vulnerabilities submitted to us.
The Vertiv Security Incident Response Team (SIRT) objective is to minimize security risk by providing timely information and remediation of vulnerabilities in our network, web properties and products. This includes software, hardware, services and solutions.
The SIRT manages the receipt, analysis, investigation and remediation of security issues. The SIRT will also coordinate the disclosure of security vulnerability information.
We welcome reports from independent researchers, industry organizations, vendors and customers concerned with security.
Our policy is to follow a coordinated vulnerability disclosure process. This process allows independent parties that discover a vulnerability in a Vertiv product to disclose those concerns to Vertiv directly, giving us time to investigate and remediate before the vulnerability is disclosed publicly. This protects Vertiv’s customers while acknowledging the reporters’ efforts. If a reported vulnerability relates to a vendor product, the SIRT will coordinate with the vendor to remediate the vulnerability. The SIRT will communicate with the reporter throughout the vulnerability investigation and will provide mutually agreeable next steps.
We encourage coordinated disclosure of product security vulnerabilities. Security researchers, industry groups, government organizations and vendors can report potential product security vulnerabilities to Vertiv.
If the vulnerability affects only a Vertiv product, please click “Report a Product Security Concern” below.
Please include the following:
REPORT A PRODUCT SECURITY CONCERN
For all other security issues, please click “Report other Security Concerns” below.
Please include the following:
REPORT OTHER SECURITY CONCERNS
We take security concerns seriously and work to evaluate and address them in a timely manner. Response timelines will depend on many factors, including: the severity, the product affected, the current development cycle, QA cycles, and whether the issue can only be updated in a major release.
Remediation may take one or more of the following forms:
Notwithstanding the foregoing, not all reported concerns will result in validated vulnerabilities and we do not guarantee a specific resolution for all reported concerns.