Panda Security is committed to resolving security vulnerabilities in our products in a quick and efficient manner. We very much appreciate and encourage the collaboration with researchers who report vulnerabilities to us. The following article explains how to report a Panda Security vulnerability to the Panda Security Response Team.
How to report a security vulnerability
If you are a security researcher and believe you have found a Panda Security security vulnerability, we would like to work with you to investigate it. Please contact the Panda Security Response Team at: firstname.lastname@example.org
To help us better understand the nature and characteristics of the possible vulnerability, please include the information below:
- Product name and version number
- Date the vulnerability was detected
- Description of the vulnerability
- Instructions to replicate the vulnerability (sequence of steps, a video, screenshots, etc.)
- Your name and the company name
- Your contact details (email address, telephone number, anonymous)
- Your PGP or GPG public key to allow for encrypted communication (if available)
The Panda Security Response Team will confirm receipt of your report within two business days. We will work with our teams to verify the finding and respond in a timely manner with an update or request for additional information.
PGP key details
Panda Security can exchange encrypted email with you using PGP and GPG. Please, use encrypted communication in order to protect the confidentiality of vulnerability reports.
Find the Panda Security PGP public key here: Panda Security Response Key
Remediation of the reported vulnerability
If the finding is confirmed as valid, the Panda Security will provide mitigation or remediation of the reported vulnerability accordingly and will keep the reporter informed at all times.