Product Vulnerability Disclosure Program Banner

AUMOVIO Product Vulnerability Disclosure Program

Introduction

AUMOVIO is committed to developing products and services which are secure in order to enable safe, exciting, connected, and autonomous mobility. AUMOVIO welcomes any information about potential product cybersecurity vulnerabilities or exploits from researchers, academics, or others in thebroader security community.
  

AUMOVIO’s Product Security Incident Response Team (PSIRT) will enthusiastically work with those who bring forward such vulnerabilities as we constantly strive to improve the security posture of products and services.
  

For the safety of our customers and consumers AUMOVIO kindly requests that you not publish or share the information with other 3rd parties until reported vulnerabilities can be properly assessed and mitigated. We greatly appreciate the efforts made to identify and report issues to our company and look forward to hearing from you!

Program Scope

This disclosure program is valid for all products of AUMOVIO and those previously sold under the label of Continental Automotive.


The AUMOVIO PSIRT will not respond to reports relating to public facing infrastructure and strongly encourages you to contact the responsible department at cybersecurity@aumovio.com. Further information on reporting requirements can be found at  IT Cyber Incident Reporting Hotline.

Disclosure Program Details

For all product related security vulnerabilities please write to psirt@aumovio.com and include as much of the following as possible:
  

  • Name and version of the affected product
  • Any part or product identifiers on product packaging
  • Technical description of the identified issue, including a proof of concept if possible
  • Details on how to reproduce the issue
  • Any plans for future public disclosure

  

The AUMOVIO PSIRT processes align with the FIRST PSIRT Framework as follows:
  

Discovery: After you report an issue in one of our products we will confirm reception of the information, usually within 2 business days.
  

Triage: We will work with our relevant product departments to identify the correct project team to handle the case. They will review the information provided and verify that the vulnerability exists in the reported product. Customers and suppliers which are impacted by the confirmed vulnerability will be notified in accordance with established agreements.
  

Remediation: In alignment with our customers AUMOVIO will develop and release mitigations to mitigate the risks of the vulnerability. When possible, we will coordinate with the reporter to confirm effectiveness of mitigations.
  

Disclosure: AUMOVIO will coordinate with the reporter on further disclosure of the information. As a Member of the Auto-ISAC, AUMOVIO will share relevant security vulnerabilities to other Auto-ISAC Members which may also be impacted by the reported information. Though AUMOVIO PSIRT would like to recognize and give credit to you for submissions made through this program we respect your option to remain anonymous if desired.