Minimizing customer risk

EMC takes every step possible to minimize customer risk associated with security vulnerabilities in EMC products. All vulnerability claims are investigated and validated according to industry guidelines before EMC creates, qualifies, and delivers the appropriate remedy to customers.

If you identify security vulnerability in an EMC product, please report the problem immediately. Timely identification of security vulnerabilities is critical to eliminating potential threats.

Reporting vulnerabilities

Customers are encouraged to submit product vulnerability reports to the EMC Product Security Response Center:

You can also send vulnerability reports via e-mail to security_alert@emc.com. You may encrypt your message using the EMC Public Key. You can right click to download or click here to view the latest EMC Public Key.

Security response

After investigating and validating a reported vulnerability, EMC creates and qualifies the appropriate remedy. Once packaged, EMC expedites the remedy to customers, via the standard customer support process.

Monitoring vulnerabilities in embedded products

EMC closely monitors external security resources including CERT, National Vulnerabilities Database and Bugtraq for vulnerability notifications regarding embedded third-party products.

When EMC receives a valid vulnerability report regarding an embedded third-party product, EMC must wait for the vendor to issue its remedy. Once received, EMC qualifies, packages, and distributes the patch to customers. Information and remedies for embedded products are also delivered through the standard customer support process.

Customer rights: warranties, support, and maintenance

EMC customers' rights with respect to warranties and support and maintenance—including vulnerabilities in any EMC software product—are governed by the applicable agreement between EMC and each customer.

The statements on this web page do not modify or enlarge any customer rights or create any additional warranties. Any information provided to EMC regarding vulnerabilities in EMC products, including all information in a product vulnerability report, shall become the sole information of EMC.