04/03/2020

Vulnerability Disclosure Policy - Groupe Renault

We consider that the safety and security of our customers is one of the top priorities. Therefore, we design and make products and services with the best quality and reliability possible. Despite our efforts to implement the best possible security measures, vulnerabilities may still be present in our products, services and systems.

This document describes Renault’s policy for receiving reports related to potential security vulnerabilities in its products and services and the company’s standard practice with regard to informing customers of verified vulnerabilities.

Everyone is encouraged to report identified vulnerabilities, regardless of the type of service or product. Researchers, partners, CERTs, customers or any other source are welcome to report vulnerabilities.

When to contact the security operational team

The preferred method for contacting the Groupe Renault security operational team is by sending an email to [alert.cyber-security@renault.com](mailto:alert.cyber-security@renault.com) if you have identified a potential security vulnerability with one of our products or our services.

To facilitate our management of the vulnerability, we expect well-written reports in English or French containing the following information:

  • Time and date of discovery

  • Product Model & number using the vendor nomenclature if possible

  • URL, browser information including type and version and input required to reproduce the vulnerability;

  • Technical Description — provide what actions were being performed and the result in as much detail as possible;

  • Sample Code — if possible, provide code that was used in testing to create the vulnerability;

  • Reporting party’s Contact Information — best method to reach

  • Disclosure Plan(s) — current plan to disclose;

  • Threat/Risk Assessment — contains details of the identified threats and/or risks including a risk level (high, medium, low) for assessment result;

  • Software Configuration — details to computer/device configuration at time of vulnerability;

  • Relevant information about connected devices if vulnerability arises during interaction. When a secondary device triggers the vulnerability, these details should be provided.

Please do not include personal data in your reports, except what is necessary to contact you.

Participating in this program does not give you any right to intellectual property owned by Groupe Renault or a third party.

What will be the next steps?

After your incident report is received, the appropriate personnel will contact you to follow up. To ensure confidentiality, we encourage you to encrypt any sensitive information you send to us via e-mail. We are equipped to receive messages encrypted using PGP. [**_Our PGP public key_**](https://group.renault.com/wp-content/uploads/2019/11/pgp-key-responsible-disclosure.txt) can be used to send encrypted email.

Groupe Renault attempts to acknowledge receipt of all submitted reports within seven days.

Groupe Renault will then engage in an open dialog to discuss issues and notify you at each stage of the investigation.

Groupe Renault retains discretion to determine whether to accept a report into the program. For example, Groupe Renault will not accept into this program vulnerabilities with minimal security impact or low exploitability, vulnerabilities beyond Renault’s control, vulnerabilities discoverable through automated scans which have not been verified manually, or vulnerabilities related to a violation of the program requirements.

What is alert.cyber-security@renault.com not intended for?

The [alert.cyber-security@renault.com](mailto:alert.cyber-security@renault.com) email address is intended ONLY for the purposes of reporting product or service security vulnerabilities. It is not for technical support information on our products or services. All content other than that specific to security vulnerabilities in our products or services will not be processed.

Disclosure Requirements

Groupe Renault agrees not to pursue legal action against reporting parties who submit in-scope reports and:

  • Engage in testing/research of systems without harming Renault, its customers, employees, or third parties;

  • Do not use or alter any data it might access during its discovery;

  • Do not conduct social engineering, spam, or phishing attacks;

  • Do not test the physical security of any property of Groupe Renault or third parties;

  • Do not conduct denial-of-service or resource-exhaustion attacks;

  • Comply with applicable criminal laws;

  • Adhere to other applicable laws (other than those that would result only in claims by Renault).

The reporting party(s) who submits a report to Groupe Renault through this website agrees not to disclose to a third party any information related to that report, the vulnerability reported, nor the fact that a vulnerability has been reported to Renault. This agreement regarding disclosure applies regardless of whether Groupe Renault had prior knowledge of the information.

You agree that Groupe Renault may disclose the information in a report you submit through this website. Groupe Renault will consider any request from a reporting party to make a disclosure, but reserves the right to deny such requests.

Groupe Renault appreciates the efforts made by the reporting party in identifying the vulnerability. We thank you for going out of your way to improve the security of our products and systems and the Internet community as a whole.

All aspects of this process are subject to change without notice, as well as to case-by-case exceptions. No particular level of response is guaranteed for any specific issue or class of issues.


This program, crawled on 2020-03-04, is sorted as cvd.
