Coordinated Vulnerability Disclosure

Overview

Vulnerability disclosure policy
Vulnerability disclosure policy

Before reporting a vulnerability, please read the policy including the scope and the process.

Report a vulnerability
Report a vulnerability

Please report any potential vulnerabilities to us within the defined scope.

Security advisories
Security advisories

Check for already identified vulnerabilities

Hall of Thanks
Hall of Thanks

Discover the recognition given to those who responsibly report security issues.

Help us help you: Guidelines for how to report a vulnerability

  • Familiarize yourself with the Danfoss Coordinated Vulnerability Disclosure Policy.
  • Use this form to report any potential vulnerabilities.
  • We strive to respond promptly. Please engage in a constructive dialogue with us.
  • Only demonstrate the existence of a vulnerability to the extent necessary. Avoid altering configurations or disrupting the normal operation of a production system, unless explicitly authorized.
  • Obtain consent from Danfoss before sharing information about identified vulnerabilities with any third party.
  • Once the data for reporting a security issue is no longer needed, securely erase it to ensure it cannot be recovered.

What you can expect from us in return

  • We will strive to respond as quickly as possible. Our standard response time to acknowledge receipt of vulnerability reports is two business days.
  • We will keep you informed throughout the vulnerability disclosure process, providing periodic updates.
  • We will contact you once the reported vulnerability is remediated.
  • We maintain a Hall of thanks to to recognize and credit individuals, organizations, or companies who ethically report security issues in Danfoss' products and services.
  • Please note that we do not offer monetary rewards or a threat hunting program.