Help us help you: Guidelines for how to report a vulnerability
- Familiarize yourself with the Danfoss Coordinated Vulnerability Disclosure Policy.
- Use this form to report any potential vulnerabilities.
- We strive to respond promptly. Please engage in a constructive dialogue with us.
- Only demonstrate the existence of a vulnerability to the extent necessary. Avoid altering configurations or disrupting the normal operation of a production system, unless explicitly authorized.
- Obtain consent from Danfoss before sharing information about identified vulnerabilities with any third party.
- Once the data for reporting a security issue is no longer needed, securely erase it to ensure it cannot be recovered.
What you can expect from us in return
- We will strive to respond as quickly as possible. Our standard response time to acknowledge receipt of vulnerability reports is two business days.
- We will keep you informed throughout the vulnerability disclosure process, providing periodic updates.
- We will contact you once the reported vulnerability is remediated.
- We maintain a Hall of thanks to to recognize and credit individuals, organizations, or companies who ethically report security issues in Danfoss' products and services.
- Please note that we do not offer monetary rewards or a threat hunting program.