Vulnerability handling

As the cybersecurity landscape continues to evolve, vulnerabilities can affect any technology provider. Westermo takes a proactive approach to vulnerability management, recognizing that timely identification, assessment, and response are critical to maintaining product security.

To maintain a high level of product cybersecurity, Westermo operates a dedicated PSIRT (Product Security Incident Response Team) that investigates and responds to reported vulnerabilities. Beyond handling incoming reports, we proactively monitor vulnerability databases, and the wider threat landscape to identify CVEs and other cybersecurity issues that could affect our products throughout their lifecycle. At Westermo we have a Coordinated Vulnerability Disclosure (CVD) policy and a well-defined process that ensures all vulnerabilities are handled in a transparent, timely, and coordinated manner.

Westermo PSIRT is responsible for the reception, identification, assessment and disposition of the risks associated with security vulnerabilities in accordance with the scope of this policy. PSIRT is also responsible for coordination and communication with all internal stakeholders to ensure proper response and when necessary, release Security Advisories.
Westermo welcomes vulnerability reports from any individual or organisation that identifies a potential security issue, including customers, independent security researchers, academic institutions, industry partners, and other members of the cybersecurity community.

The Coordinated Vulnerability Disclosure process is illustrated below:

Vulnerability Disclosure process

Vulnerability Discovery

Westermo encourages the responsible reporting of suspected vulnerabilities through its official reporting channels and acknowledges received reports with a tracking number, typically within one business day.

Vulnerability Triage

Westermo investigates and validates reported vulnerabilities, requesting additional information where necessary and developing an appropriate mitigation and remediation plan for confirmed issues.

Vulnerability Coordination

Westermo coordinates the handling of validated vulnerabilities with relevant development teams, maintains communication with the reporting party, and, where required, engages competent authorities and releases mitigations or software updates.

Vulnerability Disclosure

Westermo follows a coordinated vulnerability disclosure process, typically targeting disclosure within 90 days of acknowledgement, while communicating fixes and security advisories through established customer notification channels.

Westermo will use existing customer notification processes to manage the release of fixes and patches. This may include direct customer notification, or public release of security advisory containing all information.

Security advisories may be published in stages as information and mitigations become available.

The complete Coordinated Vulnerability Disclosure Policy can be downloaded here >

Nuri Shakeer

International Sales

Ask me about vulnerability handling

Indtast en besked på mindst 30 tegn

Indtast en gyldig e-mailadresse

Indtast et gyldigt telefonnummer

Andre måder at kontakte os på

Indtast venligst din e-mailadresse for at hente filen


Tak! Der er sendt en e-mail til din indbakke.

Noget gik galt! Prøv igen senere.