Vulnerability reporting
Metrohm product vulnerability disclosure
Metrohm’s product vulnerability disclosure program provides a channel to report any security vulnerabilities in Metrohm products.
Security is a high priority at Metrohm, and we are strongly committed to safeguarding our customers. Our goal is to timely analyze and validate reported issues and provide appropriate corrective actions.
When reporting a product security vulnerability, please include at least the following information for us to understand the scope and impact of the vulnerability:
- Name and version of the affected product or software
- Detailed instructions to replicate the vulnerability
- External vulnerability source or tool that detected the vulnerability
- Proof-of-concept or exploited code (if available)
- Potential implications of the vulnerability
- Possible mitigations
Upon successful receipt of the report, our security team will send an acknowledgment to the reporter and begin the process of analyzing, validating, and providing corrective actions to address the vulnerability.
All information received in the report is considered confidential. The information is shared only with the relevant stakeholders on a need-to-know basis.
Note! All security related concerns identified by existing customers and suppliers are handled through established direct channels. Customers and suppliers are therefore advised to reach out to their Metrohm contact directly.