Product Security Response Center (PSRC)
EMC follows industry best practices in managing and responding to security vulnerabilities in our products to minimize customers’ risk of exposure.
Minimizing customer risk
EMC takes every step possible to minimize customer risk associated with security vulnerabilities in EMC products. All vulnerability claims are investigated and validated according to industry guidelines before EMC creates, qualifies, and delivers the appropriate remedy to customers.
If you identify a security vulnerability in an EMC product, please report the problem immediately. Timely identification of security vulnerabilities is critical to eliminating potential threats.
Customers and other entitled users of an EMC product should contact EMC Technical Support to report security issues discovered in EMC products. The EMC Technical Support team in collaboration with the appropriate product team and the EMC PSRC will work together on addressing the issue. Security researchers, industry groups, and vendors can send vulnerability reports via e-mail to email@example.com. Please encrypt your message using the EMC PSRC PGP key, which you can right-click to download or view.
After investigating and validating a reported vulnerability, EMC creates and qualifies the appropriate remedy. Once packaged, EMC communicates the remedy to customers through EMC security advisories. Customers can subscribe to EMC security advisories via EMC Online Support at https://support.emc.com.
Customer rights: warranties, support, and maintenance
EMC customers’ rights with respect to warranties and support and maintenance—including vulnerabilities in any EMC software product—are governed by the applicable agreement between EMC and each customer.
The statements on this web page don’t modify or enlarge any customer rights or create any additional warranties. Any information provided to EMC regarding vulnerabilities in EMC products—including all information in a product vulnerability report—shall become the sole information of EMC.
- Submit a product vulnerability report securely
- Customers: See list of EMC Security Advisories on EMC Online Support (requires EMC Online Support credentials)
- EMC's Approach to Vulnerability Response: Product Security Blog
- Organization for Internet Safety: Security Vulnerability Reporting and Response Guidelines
- National Infrastructure Advisory Council: Disclosing and Managing Vulnerability Guidelines