Product Security

Arrow down

Vulnerability Handling Management

Vulnerability management is a top priority at EM Microelectronic, where we maintain a proactive and rigorous approach to securing our technologies. We also support responsible disclosure practices, fostering transparency and collaboration to strengthen cybersecurity across the ecosystem.

This page concerns vulnerabilities affecting EM products. Vulnerabilities identified on this website and other online services of EM Microelectronic should be reported to The Swatch Group Vulnerability Disclosure Policy.

The product vulnerability handling process is structured into four primary phases, as outlined below.

EM product vulnerability handling process

 

  1. Discovery and Identification of the vulnerability phase
  • Proactive monitoring of the public vulnerability databases
  • Additionally, EM Microelectronic actively encourages users of its products to report any suspected flaws through established channels.
     
  1. Triage and risk assessment phase

Upon receipt of a reported vulnerability, EM Microelectronic formally acknowledges the submission and initiates an internal assessment to:

  • Identify affected products
  • Evaluate the severity of the issue
  • Conduct triage to determine prioritization and required actions.
     
  1. Remediation phase

Should the vulnerability be deemed relevant, appropriate technical measures are taken to address it. Based on the nature of the product and the specific flaw, advisories are developed. Advisories can be software patches, updates, guidance or mitigation strategies.
 

  1.  Reporting phase

Once the remediation plan is validated and deemed ready for release, the original reporter and relevant stakeholders are notified and comprehensive advisory materials are distributed.
 

Submitting a potential vulnerability

Users are encouraged to report any potential vulnerabilities by sending an email to SecurityOfficer@emmicroelectronic.com

To ensure secure communication, all emails and attachments should be encrypted using EM Microelectronic Security Officer’s PGP key:

  • PGP Fingerprint: FCB0 57DF E4A7 5F46 344B 2F5C 5CBE 277A 2296 0602

Please provide EM Microelectronic with as much detailed information as possible regarding the suspected vulnerability. This may include:

  • The product affected
  • Nature and technical aspects of the vulnerability
  • Relevant technical schemes or diagrams
  • Supporting academic papers or research
  • Any other pertinent documentation

EM Microelectronic makes every effort to acknowledge submissions swiftly and begin triage without delay.

Please note: This email address is intended solely for vulnerability reports. Kindly refrain from using it for unrelated inquiries.