SMC Corporation (hereinafter referred to as “the Company”) discloses the following information regarding the handling of vulnerability reports discovered both internally and externally, in order to ensure that customers can use our products with confidence.
- Acquisition of Vulnerability Information
The Company actively collects vulnerability information from both internal and external sources. If you discover a vulnerability in an SMC product, please contact a coordinating organization (such as domestic or international CERTs*) or reach out to the “SMC Product Vulnerability Information Contact Desk.”
※ Computer Emergency Response Team
SMC Product Vulnerability Information Contact Desk
https://www.smcworld.com/support/cyber_security/en-jp/form.html
Upon confirming receipt of vulnerability information via the contact form, we will notify the reporter within five business days from the date of receipt. Please note that responses may be delayed during year-end and New Year holidays, Golden Week, and summer holidays.
- Investigation and Countermeasures for Vulnerabilities
Reported vulnerabilities will be assessed by the relevant product design and development departments to determine their scope and severity. If necessary, we will coordinate with relevant organizations to implement appropriate countermeasures. We will provide updates to the information provider as needed until the response is complete.
- Disclosure of Vulnerability Information
Once countermeasures have been implemented, we will coordinate with relevant internal and external organizations to align the timing of disclosure. The vulnerability information and corresponding countermeasures will be published simultaneously on the relevant coordinating organization’s website and the Company’s product support page.
