About Renesas PSIRT
Renesas PSIRT (Renesas Product Security Incident Response Team) is organized to address security issues (Incidents and Vulnerabilities) that may emerge in Renesas products.
Renesas wishes to proactively address any potential security vulnerabilities within our products. We have created a dedicated product security point of contact as part of our process.
Reporting Vulnerabilities to Renesas PSIRT
Please send the potential vulnerability information to the Renesas PSIRT contact point.
Email address: firstname.lastname@example.org
To allow Renesas PSIRT to process the potential vulnerability, you should provide the following information:
- Hardware/software product name with any version or revision number in Renesas
- Detailed description of the vulnerability
- Detailed description of potential exploits resulting from vulnerability
- Date when the vulnerability was detected
- Details about how it was discovered
- How to confirm the potential vulnerability
- Technical details (such as system configuration, traces, description of exploit/attack code, sample packet capture)
- Software name / version used for confirmation if required for confirmation
- Any other items used for confirmation if required for confirmation
- Any public information already published (CVE, academic paper publication, etc.)
- Common Vulnerability Scoring System (CVSS) v3 score if possible
- Your contact information
- Organization & Department name
- Email Address
- Phone Number
Insufficient information may prevent Renesas from confirming the information. The information should be provided in English or Japanese.
Very important - Please encrypt your message and any attachments with the Renesas PSIRT PGP key. Please send us your PGP key to enable a secure communication response from Renesas.
|Key Type and Length||RSA4096|
|Fingerprint||093D 0407 E341 AD0F DCEC 1B46 AB6D B4A0 351C 2692|
|Public key||Public Key File (ZIP)|
- We only process potential vulnerability information that pertains to Renesas products. For other inquiries, please contact your Renesas representative.
- To protect our customers, Renesas does not publicly disclose vulnerabilities until Renesas has conducted an analysis and provided fixes and countermeasures.
- By sending a vulnerability information to Renesas, you agree to not publicly disclose or share the vulnerability with other people and organization until Renesas provides the conclusion.
- We will do our best but please note that our response may take some time. Thank you for your cooperation.