Product Security Response Center
EMC follows industry best practices in managing and responding to security vulnerabilities in our products to minimize customers’ risk of exposure.
Minimizing customer risk
EMC takes every step possible to minimize customer risk associated with security vulnerabilities in EMC products. All vulnerability claims are investigated and validated according to industry guidelines before EMC creates, qualifies, and delivers the appropriate remedy to customers.
If you identify a security vulnerability in an EMC product, please report the problem immediately. Timely identification of security vulnerabilities is critical to eliminating potential threats.
After investigating and validating a reported vulnerability, EMC creates and qualifies the appropriate remedy. Once the remedy is packaged, EMC communicates it to customers through EMC Security Advisories. Customers can subscribe to EMC Security Advisories via Powerlink.
Monitoring vulnerabilities in embedded products
EMC closely monitors external security resources including Carnegie Mellon University's Computer Emergency Response Team (CERT), the U.S. National Vulnerabilities Database, and Bugtraq for vulnerability notifications regarding embedded third-party products.
When EMC receives a valid vulnerability report regarding an embedded third-party product, EMC must wait for the vendor to issue its remedy. Once the remedy is received, EMC qualifies, packages, and distributes the patch to customers. Information and remedies for embedded products are also delivered through the standard customer support process.
Customer rights: warranties, support, and maintenance
EMC customers’ rights with respect to warranties and support and maintenance—including vulnerabilities in any EMC software product—are governed by the applicable agreement between EMC and each customer.
The statements on this web page don’t modify or enlarge any customer rights or create any additional warranties. Any information provided to EMC regarding vulnerabilities in EMC products—including all information in a product vulnerability report—shall become the sole information of EMC.
- Submit a product vulnerability report securely
- Customers: See list of EMC Security Advisories on Powerlink (requires Powerlink credentials)
- EMC's Approach to Vulnerability Response: Product Security Blog
- Organization for Internet Safety: Security Vulnerability Reporting and Response Guidelines
- National Infrastructure Advisory Council: Disclosing and Managing Vulnerability Guidelines