Report A Vulnerability

How To Report A Vulnerability

If you have identified a security issue in a WatchGuard product or service, please report your discovery to WatchGuard's PSIRT team at [email protected]. If reporting through email, please encrypt sensitive information using our PGP key.


What You Should Include In A Report

To assist WatchGuard PSIRT's ability to quickly confirm and respond to your vulnerability report, please include as much information as possible including:

Your contact information:

  • Name
  • Affiliation / Company (if applicable)
  • Email address
  • Your PGP key (if applicable)

Vulnerable product/system information:

  • The product name
  • Version/model number
  • Operating system (if applicable)
  • Pertinent configuration information

Vulnerability Details

  • A detailed description of the vulnerability
  • Steps to reproduce the vulnerability
  • Sample / Proof of Concept code to verify the vulnerability
  • A CVE number if already acquired
  • Any additional information that may assist in investigation

Communication and disclosure

  • Disclosure plans
  • How would you like to be credited in the security advisory?

What You Should Expect After Submitting A Report

A member of WatchGuard PSIRT will investigate your report and contact you via email with any additional clarification requests or to confirm the flaw and work towards a resolution and responsible disclosure.