Report Security Vulnerabilities

Customers and other entitled users of a product or solution should contact IBM Technical Support to report issues discovered in IBM offerings. If the IBM Technical Support Team determines that a reported issue is a security vulnerability, it will contact the appropriate Security and/or System Integrity groups and inform the IBM PSIRT, as needed. These IBM teams will collaborate as required to address the issue.

Security researchers, industry groups, government organizations and vendors concerned with product security can report potential security vulnerabilities directly to the IBM PSIRT. In cases where IBM previously identified alternate security contacts and processes, vulnerability reporters can also continue to use those, as appropriate.

Vulnerability reporters can submit product security vulnerabilities to IBM PSIRT using the form below or by email.

Security Vulnerability Submission Form

Click here to submit a report of a potential product security vulnerability in an IBM offering.

Security Vulnerability Submission by Email

Vulnerability information is extremely sensitive. When using email to report a potential security issue to the IBM PSIRT, please encrypt it using our PGP public key (key ID 0xCAE9CDD2) that is available on multiple public key servers. Please direct these emails to psirt@vnet.ibm.com. It is important to include at least the following information in the email:

• Organization and contact name
• Your Reference / Advisory Number
• Products or solutions and versions affected
• Description of the potential vulnerability
• Supporting technical details (such as system configuration, traces, description of exploit/attack code, sample packet capture, proof of concept, steps to reproduce the issue)
• Information about known exploits
• Disclosure plans, if any