Vulnerability response policy
DENSO WAVE gathers information on the cyber security vulnerabilities of our products and takes measures to ensure that customers can use our products and services safely.
Regarding response to vulnerabilities, we disclose relevant information in accordance with ISO/IEC 29147 and the Information Security Early Warning Partnership Guideline.
1. Organizational structure for vulnerability management

※ CISO … Chief Information Security Officer
※ CSIRT … Computer Security Incident Response Team
※ PSIRT … Product Security Incident Response Team
2. Vulnerability response procedures
- (1) Collecting vulnerability information
DENSO WAVE gathers vulnerability information on our products from external sources.
If you find a vulnerability in our products, please send us the following information using the Vulnerability Information Report Form.
- Products and versions in which a vulnerability was found
- Details of the vulnerability
- Vulnerability verification methods
- Expected damage and the scope of its impact
- Personal information contained in the submitted information will be managed based on our privacy policy.
- We will notify you that we have received your report within five business days of receipt.
- (2) Analyzing vulnerability information at product development divisions
Product development divisions investigate the details of collected vulnerability information.
We may ask you to submit additional information (e.g., status of use) as necessary. We would appreciate your cooperation.
- (3) Determining whether a vulnerability needs to be fixed
If we judge that there is a security vulnerability, the vulnerability will be fixed and preparations will be made to disclose the information.
We will study countermeasures, including software updates and effective mitigation measures in place of updates, depending on the situation.
- (4) Disclosing information
We will disclose the details of the vulnerability and its potential for abuse, the products or product versions that are likely to be affected, and a security advisory indicating countermeasures.
The disclosure date will be coordinated among the information provider, coordinating entities (e.g., JPCERT/CC), and relevant internal and external organizations, based on the principle of coordinating the disclosure date.
3. List of product vulnerability information