Report a security vulnerability
Sensata considers security one of the key quality aspects of our products and services. If you have discovered a security vulnerability in one of our products, online services, or IT systems, we encourage you to disclose it to us in a responsible manner. See the Coders' Rights Project Vulnerability Reporting FAQ for an example of how this may be accomplished.
Sensata will engage with security reporters when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate and fix vulnerabilities in accordance with our commitments to security and privacy.
We will not take legal action against, or suspend or terminate the accounts of reporters who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy.
Sensata reserves all legal rights in the event of any non-compliance.
We encourage security reporters to share the details of any suspected vulnerabilities with the Sensata Information Security Team by submitting the form at the bottom of this page. Sensata will review the submission to determine if the finding is valid and has not been previously reported.
We require security reporters to include detailed information with steps for us to reproduce the vulnerability. If you are submitting multiple vulnerabilities, please specify each vulnerability clearly so that they may be tracked separately. Submitting a vulnerability scan report does NOT constitute a submission. Although a scan report may help as an artifact, a well-tested example of the vulnerability is required. If you are looking for discussion around vulnerability reports, please follow up with that product's technical support teams, as many vulnerability scanners produce false positives, and in many cases it is up to customers to configure the product properly for production use.
If you identify a valid security vulnerability in compliance with this Responsible Disclosure Policy, Sensata commits to:
- Working with you to understand and validate the issue
- Addressing the risk (if deemed appropriate by Sensata)
Public disclosure of the submission details of any identified or alleged vulnerability without express written consent from Sensata will render the submission noncompliant with this Responsible Disclosure Policy.
In addition, to remain compliant you are prohibited from:
- Accessing, downloading, or modifying data residing in an account that does not belong to you
- Executing or attempting to execute any "Denial of Service" attack
- Posting, transmitting, uploading, linking to, sending, or storing any malicious software
- Testing in a manner that would result in the sending of unsolicited or unauthorized junk mail, spam, pyramid schemes, or other forms of unsolicited messages
- Testing in a manner that would degrade the operation of any Sensata systems
- Testing third-party applications, websites, or services that integrate with or link to Sensata systems