Ericsson is committed to high security standards, and it is vital that we are notified as early as possible to prevent potential damage. Ericsson therefore encourages the reporting of any security vulnerabilities as soon as possible.
Individuals who report may be recognized on our acknowledgement page, see Enterprise IT vulnerability disclosure program and Ericsson product vulnerability disclosure policy for more information.
Note! All security related concerns identified by existing customers and suppliers are handled through established direct channels. Customers and suppliers are therefore advised to reach out to their Ericsson contact directly.
Reporting
Thank you for your contribution!
If there is a failure or problem with the form, please send an email to vulnerability.disclosure@ericsson.com mailbox. Thank you!
Information collection and use – Privacy disclaimer
When you disclose a vulnerability to Ericsson, we collect your name, email address and all details provided by you in the form. We retain such information for administrative purposes, and to be able to respond to you and track further correspondence during the investigation of the reported vulnerability.
For more information on how we may process your personal data, please see the Ericsson Privacy Policy.
What will happen next?
- Ericsson will respond to the vulnerability reporter and establish communication to exchange further information and acknowledge that the report has been received.
All vulnerability details are handled with high confidentiality and only shared on a need-to-know basis both internally and externally. - During the vulnerability coordination Ericsson will continue to collaborate with the reporter to get more detailed information and to keep them apprised about the progress as much as confidentiality and regulations allow.
- When the investigation process of the reported vulnerability has concluded Ericsson will communicate appropriate details back to the reporter and any other relevant parties.
- The decision of when and where the reported vulnerability is published is determined case-by-case.
- Ericsson’s vulnerability disclosure program recognizes reporters on the Acknowledgements page. Ericsson reserves the right to make the decision to recognize or not, on a case-by-case basis.
Contact details:
vulnerability.disclosure@ericsson.com
PGP key fingerprint:
Note: For all correspondence over email please encrypt with the below PGP key and include your own public key in the email.
6E71 7371 226D DC71 17C8 C91F 88DF 2BAC 3D09 908C