1. IN Groupe
  2. /
  3. IN Groupe PSIRT

IN Groupe PSIRT

IN Groupe’s Product Security Incident Response Team (IN Groupe PSIRT) supervise the process of accepting and responding to reports of potential security vulnerabilities involving IN Groupe hardware and software products.

We, at IN Groupe, place a high priority on security, and our PSIRT is committed to rapidly addressing potential security vulnerabilities affecting our products. Our experience in security allows IN Groupe to perform clear analyses and provide appropriate guidance on mitigations and solutions when applicable.

If you wish to report a potential security vulnerability regarding our products, we encourage you to report it to IN Groupe PSIRT by following the steps described on this page.

Important (read carefully)

IN Groupe on behalf of itself, its affiliates and subsidiaries, takes all potential security vulnerability reports or other related communications (“Report(s)”) seriously. In order to review Your Report (the terms “You” and “Yours” include your employer, and all affiliates, subsidiaries and related persons or entities) and take actions as deemed appropriate, IN Groupe requires that we have the rights and Your permission to do so.

As such, by submitting Your Report to IN Groupe, You agree that You have the right to do so, and You grant to IN Groupe the rights to use the Report for purposes related to security vulnerability analysis, testing, correction, patching, reporting and any other related purpose or function.

The following test methods are not authorized:

  • Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data
  • Physical testing, social engineering (e.g. phishing, vishing), or any other non-technical vulnerability testing

Responsible Disclosure Guidelines
We ask you to:

  • Report vulnerabilities in a manner that minimizes risk and ensures confidentiality.
  • Do not use the vulnerability to access, modify, delete, or otherwise compromise data.
  • Provide us with a reasonable amount of time to address vulnerability before public disclosure.

How to report a potential security vulnerability 

To report a potential security vulnerability, please contact IN Groupe PSIRT at psirt@ingroupe.com.

All exchanges and reports must be provided in English.

Because of the sensitive nature of such reporting, IN Groupe required that all potential security vulnerability reports be sent encrypted, using the IN Groupe PSIRT PGP/GPG Key:

Free software to read and author PGP/GPG encrypted messages may be obtained from:

Information to include in your report
To allow IN Groupe PSIRT to process the reported potential security vulnerability, you should provide the following information:

  • IN Groupe product identification: part number or product reference and version (hardware or software).
  • Complete technical description of the potential vulnerability, including any related known exploits.
  • How and when the potential vulnerability was discovered.
  • Are you aware of any reliable evidence that a malicious actor may have exploited the potential vulnerability in some manner?
    If yes, please share details.
  • Any public information already published or planned to be published (CVE, academic paper publication, etc.).
  • Your contact information to use during the process.
  • Any further information you deem appropriate to better process the reported potential security vulnerability.

Insufficient or incomplete information may prevent IN Groupe from evaluating the request, and IN Groupe reserves the right to withhold evaluation in such cases.

Potential vulnerability management process
Once submitted, IN Groupe PSIRT will manage the reported potential security vulnerability according to the following process:

  1. Reporting a new vulnerability: At this stage, IN Groupe PSIRT will acknowledge receipt of the reported issue.
  2. Evaluating: IN Groupe PSIRT will evaluate the potential vulnerability to understand if there is an issue, analyze it, and set a priority to manage valid issues. IN Groupe PSIRT may come back to the submitter in case some information is missing from the original report or if clarification is needed.
  3. Solving: IN Groupe PSIRT will investigate potential solutions and mitigations to address valid issues.
  4. Communicating: Once a solution is available (fix or mitigation), IN Groupe PSIRT will communicate back to the submitter and others where appropriate.

 

IN Groupe PSIRT Privacy Policy

This website uses cookies

Cookies ("cookies") consist of small text files. The text files contain data which is stored on your device. To be able to place some type of cookies we need your consent. We at IN Groupe use these types of cookies. To read more about which cookies we use and storage duration, click here to get to our cookiepolicy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that need to be placed for fundamental functions on the website to work. Fundamental functions are for instance cookies that are needed for you to use menus and navigate the website.

Functional cookies

Functional cookies need to be placed for the website to perform in the way that you expect. For instance to remember which language you prefer, to know if you are logged in, to keep the website secure, remember login credentials or to enable sorting of products on the website in the way that you prefer.

Statistical cookies

To know how you interact with the website we place cookies to collect statistics. These cookies anonymize personal data.

Ad measurement cookies

To be able to provide a better service and experience we place cookies to tailor marketing for you. Another purpose for this placement is to market products or services to you, give tailored offers or market and give recommendations on new concepts based on what you have bought from us previously.