How To Report A Vulnerability
If you have identified a security issue in a WatchGuard product or service, please report your discovery to WatchGuard's PSIRT team at [email protected]. If reporting through email, please encrypt sensitive information using our PGP key.
What You Should Include In A Report
To assist WatchGuard PSIRT's ability to quickly confirm and respond to your vulnerability report, please include as much information as possible including:
Your contact information:
- Affiliation / Company (if applicable)
- Email address
- Your PGP key (if applicable)
Vulnerable product/system information:
- The product name
- Version/model number
- Operating system (if applicable)
- Pertinent configuration information
- A detailed description of the vulnerability
- Steps to reproduce the vulnerability
- Sample / Proof of Concept code to verify the vulnerability
- A CVE number if already acquired
- Any additional information that may assist in investigation
Communication and disclosure
- Disclosure plans
- How would you like to be credited in the security advisory?
What You Should Expect After Submitting A Report
A member of WatchGuard PSIRT will investigate your report and contact you via email with any additional clarification requests or to confirm the flaw and work towards a resolution and responsible disclosure.