|Applies To||This article applies to all RSA customers and partners, and to all RSA products and solutions.|
|Issue||What is the correct procedure for reporting a security vulnerability that has been identified in an RSA product?|
|Resolution||RSA, as a Dell Technologies business, adheres to the Dell Vulnerability Response Policy.|
Enterprise and commercial product customers and partners should contact the appropriate technical support team to report security issues discovered in a Dell product. The Technical Support team, the appropriate product team and Dell PSIRT will work together to address the issue and provide customers with next steps.
Dell (including RSA) strives to help our customers minimize risk associated with security vulnerabilities in our products. Our goal is to provide customers with timely information, guidance and mitigation options to address vulnerabilities. The Dell Product Security Incident Response Team (Dell PSIRT) is chartered and responsible for coordinating the response and disclosure for all product vulnerabilities that are reported to Dell.
Dell employs a rigorous process to continually evaluate and improve our vulnerability response practices, and we regularly benchmark these against the rest of the industry. Dell is an active participant in the Software Assurance Forum for Excellence in Code (SAFECode: https://safecode.org), the Forum for Incident Response (https://www.first.org) and international standards efforts for vulnerability disclosure and handling, such as ISO 29147 and ISO 30111.
How to Report a Security Vulnerability
If you identify a security vulnerability in any RSA product, please report it immediately. Timely identification of security vulnerabilities is critical to mitigating potential risks to our customers.
Enterprise and commercial product customers and partners should contact the appropriate technical support team to report security issues discovered in an RSA product. The Technical Support team, the appropriate product team and Dell PSIRT will work together to address the issue and provide customers with next steps.
Security researchers, industry groups, vendors, and other users who do not have access to Technical Support should send vulnerability reports to Dell PSIRT via email (firstname.lastname@example.org). Please encrypt your message and any attachments using Dell PSIRT’s PGP key, which you can download here.
When reporting a potential vulnerability, please include as much of the information below as possible to help us better understand the nature and scope of the reported issue:
|Notes||For more information, refer to the Dell Security Advisories & Notices page on the Dell.com website.|