Product Security (Vulnerability Disclosure Policy)
Fujitsu General Limited and its group companies (the "Group") collect and disclose vulnerability information on its products according to ISO/IEC 29147 through the following process.
Collection of Vulnerability Information
The Group collects vulnerability information on its products from external security researchers and coordinating bodies to improve the information security quality of its products.
To report any vulnerabilities of our product, please contact us through the Vulnerability Reporting Desk via our website at the link below.
After receiving the vulnerability report, we will contact the reporter within 5 business days from the date of receipt to confirm the receipt.
We will update the response status and notify the reporter at intervals of no more than 20 business days from the contact date of receipt. This will be conducted until the reported vulnerability is resolved.
Release of Security Advisory
When a new vulnerability is confirmed in its products, the Group will release a security advisory to enable its customers to take appropriate countermeasures. Once the advisory is ready for release, we will coordinate the release date with the reporter and other stakeholders. After that, we will publish the advisory on our website at the link below, with an assigned CVE number.
Bug Bounty
The Group does not run any bug bounty programs.