- Supporto tecnico
- Product security
Product security
Quality, reliability, security - three essential values from which trust grows. For this reason, ifm bases every action on these three values. The same applies for its products. And even if we cannot rule out security gaps 100 %, we do everything we can to get close to the ideal state.
If you wish to send us a vulnerability report, please provide us with the following information:
- Article incl. article number
- Software version
- Your first and last name
- Name of the organisation
- Country
- Email address
- Confirmation of indication as finder
- Telephone number (optional)
In addition, we need a description of the vulnerability with the following information:
- Configuration of the application
- Description of the operating environment
- Impact of the vulnerability
- Detailed description of the vulnerability
Please send your message to psirt@ifm.com
These can be sent as PGP encrypted attachments.
The vulnerability management process of the ifm group defines the procedure for recording and processing vulnerability reports. In addition, the ifm PSIRT coordinates the provision of information on vulnerabilities with the articles of the ifm group of companies.
The ifm PSIRT analyses all incoming messages. Within 5 working days, the finder will receive feedback from the PSIRT. If required, further necessary information will be requested. If ifm does not receive a response within 60 working days, the request will be closed.
After validating the vulnerability, the impact and severity of the vulnerability is determined based on the available information, and appropriate countermeasures are developed.
Note: The time required to process a vulnerability can be influenced by its complexity. Based on the information, the cause of the vulnerability is identified and a suitable countermeasure is developed.
The finder will be informed regularly, at the latest every 30 working days, about the current status of the processing.
After a suitable countermeasure has been provided, a security message with all relevant information is made available on our PSIRT page and via our partner, the CERT@vde.