Continental Product Security Incident Response Management

Welcome to the Continental Product Security Incident Response Management (PSIRM) website.

The PSIRM Team is a global team that manages security vulnerability information related to Continental products. It is the central point of contact for all security researchers, customers, partners and suppliers to report security information related to Continental products.

If you believe you have identified a potential security vulnerability in a Continental Product, please contact us at:
PSIRM@continental-corporation.com.
  
We recommend that all information sent to us be encrypted using the PSIRM PGP/GPG Key.
PGP/GPG Key
Fingerprint: 5CB1 093D 6415 0150 D99D FB8C F76F 4C47 5653 E9EE

Software for encryption of messages using PGP/GPG keys

  • You can use GnuPG (free) or any other encryption software that supports PGP/GPG keys.


Handling Process

  

1. Reporting

If you believe you have identified a potential security vulnerability in a Continental product, please contact us at:
PSIRM@continental-corporation.com  

When reporting, please provide the following information:

  • Name/handle and a link for recognition in our Hall of Fame. If you want to remain anonymous, we will respect that.
  • Contact: Details of how to contact you if more information is required
  • Description: Technical details and potential impact of the vulnerability
  • Affected components: Information as far as available, such as model, firmware version, A2C number, and any further publicly available information or a link to it

2. Verification  

As soon as a vulnerability report is received, a tracking number is issued and provided to the reporter. Those responsible for the relevant product are then involved to validate and understand the potential vulnerability and to assess the risk attached to it. Once it is confirmed that one of our products has a vulnerability, we intend to notify our affected customers.

3. Analysis  

As the next step, a detailed investigation is carried out to understand the root cause and possible methods of exploitation, and to assess the risk.

4. Mitigation  

A remediation plan is prepared, and a mitigation strategy is established.

5. Disclosure  

Being a member of the Automotive Information Sharing and Analysis Community (Auto-ISAC), we intend to disclose the vulnerability to the automotive community. However, this is only done in alignment with all our affected customers. It is important to us that our customers and our internal organization get adequate time to deploy the required mitigation before any damage could be caused by disclosure of the vulnerability report.

Please encrypt your messages using the PSIRM PGP/GPG Key.