IBM PSIRT is the centralized process for reporting potential IBM security and AI vulnerabilities. IBM Secure Engineering practices were designed to help IBM act in a timely fashion on reported issues affecting products or solutions. To protect customers, IBM does not disclose or confirm vulnerabilities until an analysis is complete and fixes or mitigations are issued.
A global team manages the investigation of vulnerability information related to all IBM products and websites. With the product teams, they identify appropriate responses, ensuring communication between all involved parties. The PSIRT process is risk-based and influenced by the FIRST framework: Discovery, Triage, Remediation, Disclosure.
Report potential security and AI vulnerabilities in IBM products and websites, protected by the IBM Safe Harbor Policy, using the reporting methods available in this section.
Clients and users can report any potential vulnerabilities discovered in IBM products.
Third-party researchers and other security entities can report potential vulnerabilities in IBM products or websites.
Report product vulnerabilities by email to IBM. Use the IBM PGP public key to encrypt email if necessary.
Report product or website vulnerabilities via an anonymous form.
IBM communicates security vulnerabilities via bulletins or targeted methods, ensuring analysis before public disclosure.
Use the search form in our CVE Database to find all Common Vulnerabilities and Exposures affecting IBM products.
Sign up for My Notifications to receive critical IBM software updates and proactively prevent issues.
The IBM System Integrity Statement reflects decades of trust and commitment in IBM Z and LinuxONE platforms.
View notices regarding potential security threats that might affect IBM Cloud platform and services.