1. PSIRT - Product Security Incident Response Team
ST's Product Security Incident Response Team (ST PSIRT) supervises the process of accepting and responding to reports of potential security vulnerabilities involving ST hardware and software products.
ST places a high priority on security, and ST PSIRT is committed to rapidly addressing potential security vulnerabilities affecting its products. ST, thanks to its long history and vast experience in security, is able to perform clear analyses and provide appropriate guidance on mitigation and solutions, when applicable.
If you detect a potential security vulnerability regarding our products, we encourage you to report it to ST PSIRT by following the steps described on the PSIRT webpage[1]. This page is:
- Your entry point for security vulnerability exchanges
- A repository page including security-related documents
- Security advisories
- Security notices (some product-based notices are also published on product pages)
The PSIRT webpage[1]:
- Addresses most of STM32 deliverables
  - Device or ICs
  - Software
  - Tools
  - Ecosystem
- Supports ethical security responsibilities
  - Open to anybody respecting our chart
  - With confidentiality
  - Includes embargo management
- Follows the flaw reporting procedure in compliance with the security standards ISO/IEC-29147 (Vulnerability Disclosure) and ISO/IEC-30111 (Vulnerability Handling Processes)
- Is mandatory to pass security certifications, such as ARM PSA / ISO21434 and Global Platform SESIP
- Is part of SESIP3 certification target document
- Flaw remediation process
PSIRT is an ST corporate approach.
2. References