Product Security Response Center
EMC follows industry best practices in managing and responding to security vulnerabilities in our products to minimize customers’ risk of exposure.
Minimizing Customer Risk
EMC takes every step possible to minimize customer risk associated with security vulnerabilities in EMC products. All vulnerability claims are investigated and validated according to industry guidelines before EMC creates, qualifies, and delivers the appropriate remedy to customers.
If you identify a security vulnerability in an EMC product, please report the problem immediately. Timely identification of security vulnerabilities is critical to eliminating potential threats.
Customers, partners, and other entitled users of an EMC product should contact EMC Technical Support to report security issues discovered in EMC products. The EMC Technical Support team in collaboration with the appropriate product team and the EMC Product Security Response Team will work together on addressing the issue.
Security researchers, industry groups, vendors, and other users that do not have access to EMC Technical Support can send vulnerability reports via e-mail to email@example.com. Please encrypt your message using the EMC’s PGP key, which you can right-click to download or view from this link EMC PSRC PGP Key.
After investigating and validating a reported vulnerability, EMC creates and qualifies the appropriate remedy. Once packaged, EMC communicates the remedy to customers through EMC security advisories. Customers can subscribe to EMC security advisories via EMC Online Support at https://support.emc.com.
Customer Rights: Warranties, Support, and Maintenance
EMC customers’ rights with respect to warranties and support and maintenance—including vulnerabilities in any EMC software product—are governed by the applicable agreement between EMC and each customer.
The statements on this web page don’t modify or enlarge any customer rights or create any additional warranties. Any information provided to EMC regarding vulnerabilities in EMC products—including all information in a product vulnerability report—shall become the sole information of EMC.
EMC Security Advisories (requires EMC Online Support credentials)