This part of the website is unfortunately not available in your chosen language.

Product Security Incident Response Management

Product Security Incident Response Management

security information related to products
of Vitesco Technologies

Product Security Incident Response Management


The Product Security Incident Response Management Team is a global team, which manages security vulnerability information related to Vitesco Technologies. It is the central point of contact for all security researchers, customers, partners and suppliers, to report security information related to products of Vitesco Technologies.

If you believe you have identified a potential security vulnerability in a Vitesco Technologies Product, please contact us: razvan.coban@vitesco.com.
 


You can also send your documents to: razvan.coban@vitesco.com
 
 Vitesco Technologies Security & Privacy Competence Center (VT SCC)
 Product Security Incident Response Management (PSIRM)
 Vitesco Technologies Engineering România SRL
 Calea Chișinăului 2A, 700264 Iași, România

 

Handling Process

 

1. Reporting

If you believe you have identified a potential security vulnerability in a Vitesco Technologies Product, please contact us at: razvan.coban@vitesco.com.
You can also send your documents to: razvan.coban@vitesco.com.
 
  • Vitesco Technologies Security & Privacy Competence Center (VT SCC)
  • Product Security Incident Response Management (PSIRM)
  • Vitesco Technologies Engineering România SRL
  • Calea Chișinăului 2A, 700264 Iași, România

When reporting please provide us the following information:
  • Name: Please provide us with your identity details. In case you want to remain anonymous, we would respect your interests
  • Contact: Details how to contact you if some more information is required
  • Description: Technical details and potential impact of the vulnerability
  • Affected components: Information in the most detailed manner and any further publicly available information or link to it.
 

2. Verification

As soon as a vulnerability report is received, a tracking number is issued and provided to the reporter. Then relevant product responsible are involved to validate and to understand the potential vulnerability and assessment of risk attached to it.
Once it is confirmed that one of our products has a vulnerability, we intend to notify our affected customers.

 

3. Analysis

As next step a detail investigation is been made to understand the root cause, possible methods of exploitation and risk assessment.

 

4. Mitigation

A remediation plan is prepared, and a mitigation strategy is established.

 

5. Disclosure

We intend to disclose the vulnerability to the Automotive Community. However, this is only done in alignment with all our affected customers. It is important for us that our customers as well as our internal organization gets adequate time to deploy required mitigation, before any damage could be caused by disclosure of the vulnerability report.