Product Security Policy

As part of our ongoing commitment to support our customers, HCC maintains a product security incident response program to handle the discovery of potential vulnerabilities and security flaws in our products.

Security Advisories

We publish notices regarding moderate and high-risk product security vulnerabilities at Security Advisories.

Resolution of Confirmed Security Vulnerabilities

Our support team will investigate and disclose vulnerabilities for actively supported products. Once a security vulnerability has been confirmed, HCC will provide solutions commensurate of the risk identified.

Low Risk Vulnerabilities will be corrected as part of the standard product release cycle. For additional information, contact Support.

For products that are End-of-Life or End-of-Service, different support conditions apply. Contact our Support for details.

Disclosure Policy

HCC will not publicly publish any details that could potentially be used to comprise products until mitigation is available, in order to reduce or eliminate the risk. Critical information will be disclosed directly to our strategic partners and authorized distributors or customers in a timely manner as required, related to the risk.

HCC respects the security considerations of all customers and will not provide advanced details outside of established channels.

Product Security Publications

Product security vulnerabilities are published at regular intervals to Security Advisories.

Advisories for high-risk and high-profile security vulnerabilities will be published directly.

Reporting a Vulnerability

Our support team provides direct support for potential vulnerabilities identified in our products. We will work with customers and recognized security organizations to resolve detected security vulnerabilities.

Reporting Process for HCC Partners & Distributors
HCC Partners and Distributors are advised to raise an incident regarding security-related inquiries directly with their HCC product support contact according to existing processes. An active Support & Maintenance agreement and valid product certifications will be required.

Reporting Process for HCC Customers
Customers are advised to contact their HCC Authorized Distributor or the HCC security Team with any product security-related inquiries. The Authorized Partner or HCC support team will ensure sufficient details are collected in order to investigate the potential vulnerability.

Reporting Process for Non-HCC Customers
Non-HCC Customers can submit reports of potential vulnerabilities in HCC products via email security@hcc-embedded.com.

Encrypting sensitive information
The use of PGP to encrypt sensitive information sent via email is recommended and may be required for continued communications. Click here to obtain the PGP key.
In the event additional information / investigation should be required, the HCC Security Team will respond directly to the reporter.

Disclaimer

Information made available under this program is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. HCC does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, HCC’s provision of this information shall not and does not affect the terms or conditions of any agreement with HCC.