Continental Product Security Incident Response Management


Welcome to the Continental Product Security Incident Response Management (PSIRM) website.

The PSIRM team is a global team that manages security vulnerability information related to Continental products. It is the central point of contact for all security researchers, customers, partners and suppliers to report security information related to Continental products.

If you believe you have identified a potential security vulnerability in a Continental Product, please contact us at:
PSIRM@continental-corporation.com.
Alternatively, you can send your documents to:
 
Security & Privacy Competence Center (SCC)
Product Security Incident Response Management (PSIRM)
Guerickestrasse 7, 60488 Frankfurt am Main, Germany
 
We recommend that all information sent to us be encrypted using the PSIRM PGP/GPG Key.
PGP/GPG Key
Fingerprint: 14:FD:9F:74:25:63:9B:84:3B:BE:67:C2:87:AF:9E:25:80:32:D5:08
Software for encryption of messages using PGP/GPG keys
  • You can use GnuPG (free) or any other encryption software that supports PGP/GPG keys.


Handling Process

  1. Reporting
If you believe you have identified a potential security vulnerability in a Continental product, please contact us at:
PSIRM@continental-corporation.com 
Alternatively, you can send your documents to:
Security & Privacy Competence Center (SCC)
Product Security Incident Response Management (PSIRM)
Guerickestrasse 7, 60488 Frankfurt am Main, Germany

When reporting, kindly provide us with the following information:
  • Name/handle and a link for recognition in our Hall of Fame. If you want to remain anonymous, we will respect your interests.
  • Contact: Details on how to contact you if more information is required
  • Description: Technical details and potential impact of the vulnerability
  • Affected components: Information as far as available, such as model, firmware version, A2C number, and any further publicly available information or a link to it.
 
  2. Verification
As soon as a vulnerability report is received, a tracking number is issued and provided to the reporter. The people responsible for the relevant product are then involved to validate and understand the potential vulnerability and to assess the risk attached to it.
Once it is confirmed that one of our products has a vulnerability, we intend to notify our affected customers.
 
  3. Analysis
As the next step, a detailed investigation is carried out to understand the root cause and possible methods of exploitation, and to assess the risk.
 
  4. Mitigation
A remediation plan is prepared, and a mitigation strategy is established.
 
  5. Disclosure
As a member of the Automotive Information Sharing and Analysis Community (Auto-ISAC), we intend to disclose the vulnerability to the Automotive Community. However, this is only done in alignment with all our affected customers. It is important to us that our customers, as well as our internal organization, get adequate time to deploy the required mitigation before any damage could be caused by disclosure of the vulnerability report.