Our Vulnerability Disclosure Policy outlines how we handle reports of vulnerabilities in our software or hardware systems, and provide clear guidance to those who discover weaknesses.
Canon Production Printing (“we”, “our” or “us”) will collect and disclose product vulnerability information to ensure the security of our products and services (“Products”) and to protect our customers from cyber threats.
We have a Product Security Incident Response Team (PSIRT) to handle vulnerability information relevant to the Canon Production Printing Products reported and managed through the Canon EMEA PSIRT.
We work continuously to identify and limit the risk associated with vulnerabilities in our Products. However, suppose you identify a product vulnerability as an end-user, partner, vendor, industry group, or independent researcher. In such as case, we encourage you to report the problem immediately via the Canon EMEA PSIRT using the reporting form link below. Timely reporting of vulnerabilities is critical to reducing the likelihood that they can be exploited in practice. Report a product security issue.
We will work closely with the Canon EMEA PSIRT to ensure an agreed disclosure process and date. You can find further details in the Canon EMEA PSIRT Vulnerability Disclosure Policy.
We do not conduct a bug bounty program. Accordingly, please acknowledge that there is no expectation of payment or compensation and that any future right to claim related to the submitted report is waived.
Reported vulnerability information for the relevant Products will be evaluated by our technical teams, after which we will provide feedback to the reporter via the Canon EMEA PSIRT. Canon Production Printing may publish product security, advisories, and notifications on its Security News webpage.
If we determine that the submitted report describes a new vulnerability, we will implement countermeasures and/or present workarounds that we determine appropriate. In addition, when deemed necessary, we will publish security advisories on our Canon Production Printing product security advisories and notifications webpage as soon as we can disclose information to enable our customers/partners to take appropriate mitigating measures. A security advisory is typically provided only for Canon Production Printing-specific vulnerabilities.
We appreciate you, being the reporter, reporting to us vulnerability information, including any data, text, material, program code, suggestion, and recommendation (collectively “Reported Vulnerabilities”) to enable us to investigate and if necessary, providing solutions to prevent any risks and vulnerabilities in our Products. By providing any Reported Vulnerabilities to us, you understand and agree that: