Report potential product security vulnerabilities
About ST PSIRT
ST's Product Security Incident Response Team (ST PSIRT) supervises the process of accepting and responding to potential security vulnerabilities involving ST hardware and software products.
ST places a high priority on security, and ST PSIRT is committed to rapidly addressing potential security vulnerabilities affecting our products. Our long history and vast experience in security allows ST to preform clear analyses and provide appropriate guidance on mitigations and solutions when applicable.
If you wish to report a potential security vulnerability regarding our products, we encourage you to report it to ST PSIRT by following the steps described on that page.
How to report a potential security vulnerability
To report a potential security vulnerability, please contact ST PSIRT at firstname.lastname@example.org.
All exchanges and reports should be provided in English.
Because of the sensitive nature of such reporting, the ST PSIRT highly encourages all submitted security vulnerability reports to be sent encrypted, using the ST PSIRT PGP/GPG Key:
- Fingerprint: CFF4 FA07 4F1C A91C 92BA B34F BF30 B8E2 D48E A55C
- Public Key File (ZIP, 3 KB)
Recommended information to include in your report
To allow ST PSIRT processing the potential discovered security vulnerability, you should provide the following information:
- ST product identification: part number or product reference and version (hardware or software)
- Complete technical description of the potential vulnerability, including any related known exploits
- How and when the potential vulnerability was discovered
- Any public information already published or publication planning (CVE, academic paper publication, etc.)
- Your contact information to use during the process
Insufficient information may prevent ST from evaluating the request.
Vulnerability management process
Once submitted, ST PSIRT will manage the reported vulnerability according to the following process:
- Reporting a new vulnerability: At this stage, ST PSIRT will acknowledge the reception of the reported issue.
- Evaluating: ST PSIRT will evaluate the potential vulnerability to understand if there is an issue, analyze it, and set a priority to manage valid issues. ST PSIRT may come back to the submitter in case some information is missing from the original report or if clarification is needed.
- Solving: ST PSIRT will investigate potential solutions and mitigations to address the issue.
- Communicating: Once a solution is available (fix or mitigation), ST PSIRT will communicate back to the submitter and others where appropriate.