In order to respond appropriately to any notification of potential cybersecurity vulnerabilities, SAE has established appropriate processes and measures. One of these measures is the deployment of a Product Security Incident Response Team (PSIRT), which continuously handles vulnerability reports and is responsible for correct addressing and tracking.
Encrypted e-mail address: email@example.com
S/MIME Public Key Download
If you would like to notify us of a vulnerability, please provide the following information:
Once a report of a potential cybersecurity vulnerability is received by the SAE PSIRT, acknowledgement of receipt is sent within 7 business days to the contact provided in the report.
The SAE PSIRT analyzes the vulnerability described in the notification, its severity, and its impact on SAE products. Depending on the complexity of the vulnerability described, queries are sent to the contact stored in the notification. No later than 14 working days after acknowledgement of receipt, a preliminary vulnerability report is prepared by the SAE PSIRT and shared via a pre-agreed secure communication channel with the contact deposited in the notification.
The SAE PSIRT works closely with the appropriate development departments and 3rd party component suppliers to identify the root cause of the reported vulnerabilities. The contact on file in the notification will be informed of progress in this phase.
The SAE PSIRT works with the development departments to provide a final fix for the vulnerability. If the reported vulnerability poses a high risk to SAE customers and a final fix would take too much time, temporary measures will be published by SAE. The contact filed in the notification will be informed of the planned compliance horizon.
The SAE PSIRT publishes relevant information about the reported vulnerability and corresponding patches or actions in the Security Notifications section of the website.
SAE reserves the right to modify the process described herein at any time or to deviate from the process for cause.