Auto-ISAC Member Company Vulnerability Disclosure Programs (VDPs)

Responsible Disclosure

Auto-ISAC Members are dedicated to ensuring the security of their products and welcome engagement with responsible security researchers. We recognize that the researcher community may not always be able to reach the appropriate stakeholder(s) to responsibly report a security issue(s). We accordingly have created this page as a resource for security researchers.

We have identified some Member vulnerability disclosure programs below. Should you care to reach one of our Members that does not appear on this list to responsibly report a vulnerability, please contact us and we will assist to the extent possible.

Links to our Members’ Vulnerability Disclosure Programs (VDPs)

  • Allison Transmission

    Product Cybersecurity Vulnerability Disclosure

    Contact

  • Borg Warner

    Contact (Product issues)
    Contact (BW IT Issues)

  • Bosch

    Bosch Product Security Incident Response Team (PSIRT)

    Contact

  • Continental

    Continental Product Security Incident Response Management

    Contact

  • Cummins

    Cummins Cybersecurity Responsible Disclosure

    Contact

  • e:fs TechHub GmbH

    Product Security Incident Response Team (PSIRT)

    Contact

  • Ford

    Vulnerability Disclosure Program

    Contact

  • GM

    Vulnerability Disclosure Program

    Contact

  • Harman

    Report a vulnerability

    Contact

  • Hyundai

    Hyundai Vulnerability Reporting

    Contact

  • Infineon

    Cyber Defense Center (CSIRT) and PSIRT

    Contact

  • John Deere

    Vulnerability Disclosure Program

    Contact

  • Kia America, Inc.

    Vulnerability Reporting Program

    Contact

  • Knorr-Bremse

    Please email

    Contact

  • Lear

    Product Security Incident Response Team (PSIRT)

    Contact

  • LG Electronics

    LG Electronics Bug Bounty Program

    Contact

  • Luminar

    Responsible Security Disclosure Program

    Contact

  • Mercedes-Benz AG

    Vulnerability Disclosure Program

    Contact

  • NXP

    Product Security Vulnerability

    Contact

  • Renesas

    Product Security Incident Response Team (PSIRT)

    Contact

  • Toyota

    Vulnerability Disclosure Program

    Contact

  • Volvo Cars

    Vulnerability Reporting

    Contact

  • Motional

    Security Reporting System

    Contact

Disclaimers

THIS INFORMATION IS PROVIDED ON AN AS IS BASIS. YOUR USE OF THE INFORMATION OR MATERIALS LINKED HEREIN IS AT YOUR OWN RISK. MEMBERS HAVE SOLE RESPONSIBILITY FOR HOW THEY HANDLE REPORTED VULNERABILITIES, AND THE LINKED PAGES MAY NOT BE CURRENT.