Coordinated Vulnerability Disclosure

Overview

Help us help you: Guidelines for how to report a vulnerability

  • Familiarize yourself with the Danfoss Coordinated Vulnerability Disclosure Policy.
  • Use this form to report any potential vulnerabilities.
  • We strive to respond promptly. Please engage in a constructive dialogue with us.
  • Only demonstrate the existence of a vulnerability to the extent necessary. Avoid altering configurations or disrupting the normal operation of a production system, unless explicitly authorized.
  • Obtain consent from Danfoss before sharing information about identified vulnerabilities with any third party.
  • Once the data for reporting a security issue is no longer needed, securely erase it to ensure it cannot be recovered.

What you can expect from us in return

  • We will strive to respond as quickly as possible. Our standard response time to acknowledge receipt of vulnerability reports is two business days.
  • We will keep you informed throughout the vulnerability disclosure process, providing periodic updates.
  • We will contact you once the reported vulnerability is remediated.
  • We maintain a Hall of thanks to to¬†recognize and credit individuals, organizations,¬†or companies who ethically report security issues in Danfoss' products and services.
  • Please note that we do not offer monetary rewards or a threat hunting program.