If you believe you have discovered a vulnerability in one of our products or services, please carefully read our “Vulnerability Disclosure Policy
” and report such vulnerability information to us using the form below.
Reports may be submitted anonymously, but please note that without contact information we will be unable to have follow-up communication with you.
When reporting, please provide the information below to help us better understand the nature and scope of the reported vulnerability:
- Product name and model in which the vulnerability was discovered
- Version of the product containing the vulnerability
- Types of vulnerabilities (buffer overflow, remote code execution, etc.)
- Potential impact of vulnerability
- Procedure for reproducing the vulnerability
- Proof-of-concept code, attack code, etc.
Communication with you will be by e-mail after you contact via the reporting form. We recommend using the PGP key to exchange e-mails if it contains sensitive information. Our PGP public key will be notified separately to you.
We kindly ask you to agree with us on a disclosure process and a disclosure date.
This form is intended for vulnerability reporting only, any other use will not be processed by Canon PSIRT.
Reports reaching us on Saturdays, Sundays, and national or company holidays will be acknowledged within 3 business days following the first business day. Please be advised that we may not respond to every report.
Please use English when reporting a potential vulnerability.