Technical Support

Need help?

 

How to report a security vulnerability to Panda Security

Information applies to:

Products
Todos los productos

Introduction
Panda Security is committed to resolving security vulnerabilities in our products in a quick and efficient manner. We very much appreciate and encourage the collaboration with researchers who report vulnerabilities to us. The following article explains how to report a Panda Security vulnerability to the Panda Security Response Team.


Responsible Disclosure
Please follow the responsibility disclosure norms to ensure a safe and successful procedure:
  • Notify Panda Security Reponse Team privately
  • Only disclose the findings after Panda Security makes the vulnerability and solution public.
  • Respect the disclosure coordination procedure. This is vital to avoid attacks.

How to report a security vulnerability
If you are a security researcher and believe you have found a Panda Security security vulnerability, we would like to work with you to investigate it. Please contact the Panda Security Response Team at: secure@pandasecurity.com

The exchange of emails between Panda Security and the investigators must always be encrypted with PGP and GPG in order to protect the confidentiality of vulnerability reports. Find the Panda Security PGP public key here: Panda Security Response Key

To help us better understand the nature and characteristics of the possible vulnerability, please provide us with a detailed Proof of Concept (PoC) and make sure the issue can be replicated. Please, include the information below:

  • Product name and version number
  • Date the vulnerability was detected
  • Description of the vulnerability
  • Instructions to replicate the vulnerability (sequence of steps, a video, screenshots, etc.)
  • Your name and the company name
  • Your contact details (email address, telephone number, anonymous)
  • Your PGP or GPG public key to allow for encrypted communication (if available)

The Panda Security Response Team will confirm receipt of your report within two business days. We will work with our teams to verify the finding and respond in a timely manner with an update or request for additional information.

Remediation of the reported vulnerability
If the finding is confirmed as valid, the Panda Security will provide mitigation or remediation of the reported vulnerability accordingly and will keep the reporter informed at all times.

Acknowledgment
Panda Security thank the security researchers who report vulnerabilities in our products and services for their continuous effort in improving security. In recognition for this, although there isn't a Bug Bounty system in place, Panda Security wants to acknowledge the efforts and therefore will publish the detail of the vulnerabilitiy reported including a mention of the researcher on the corporate website.

Help nº- 20191125 100061 EN

Have you resolved your query with this article?

yes no

Thanks for your answer


Why didn't you find it helpful?


The instructions are too complex.
The instructions are too long.
The instructions don't work.
I'd rather have a video.
Other reasons.




Talk to a technician!

 

Business hours: Mondays-Fridays 9:00 to 18:00 CET

Outside business hours, please use the online form.





ALWAYS ONLINE TO HELP YOU TWITTER FORUM CHAT
ALWAYS ONLINE TO HELP YOU TWITTER FORUM CHAT