Bosch PSIRT

Discovery

A potential vulnerability is reported to the Bosch PSIRT.

Triage

Bosch PSIRT cooperates with the relevant Bosch development team to investigate and reproduce the vulnerability. Bosch PSIRT performs internal vulnerability handling in collaboration with the responsible development groups. CERT teams of our customers may be notified about the problem upfront. During this time, regular communication is maintained between Bosch PSIRT and the reporting party.

Remediation

After the issue is analyzed, it is defined if a fix or mitigation is necessary to address the vulnerability. To the extent possible, the Bosch PSIRT will work with the reporting party to verify and review fixes.
Corresponding fixes will be developed and prepared for distribution.

Disclosure

The Bosch PSIRT in conjunction with the reporting party will create a disclosure schedule. If public disclosure of the vulnerability is agreed upon, the Bosch PSIRT will release a Bosch Security Advisory at psirt.bosch.com in coordination with the reporting party's potential publication plans.

A security advisory usually contains the following information:

• Description of the vulnerability with CVE reference and CVSS score
• Identity of known affected products and software/hardware versions
• Information on mitigating factors and workarounds
• Timeline and the location of available fixes or other remedial measures
• With the reporting party's consent, recognition will be provided for reporting and collaboration.