SUPCON PSIRT

Trusted Response for Industrial Cybersecurity

We safeguard our industrial automation products by identifying, analyzing, and resolving security vulnerabilities with precision and transparency.

Overview

What Is SUPCON PSIRT?

The SUPCON Product Security Incident Response Team (PSIRT) is a dedicated global team responsible for receiving, investigating, and disclosing security vulnerabilities related to SUPCON products.

We welcome reports from security researchers, customers, industry organizations, and suppliers. SUPCON PSIRT follows a structured vulnerability management process to assess risks, coordinate remediation, and ensure timely and responsible disclosure.

Our Responsibilities & Vulnerability Handling Process

SUPCON PSIRT manages product security vulnerabilities throughout their lifecycle—from initial discovery to final resolution—following international standards such as ISO/IEC 30111 and ISO/IEC 29147.

We aim to reduce risk, ensure rapid response, and continuously improve our security posture through structured, transparent processes.

Core Responsibilities:

  • Accept and validate reported vulnerabilities
  • Analyze root causes and reproduce issues
  • Coordinate internal investigation and risk assessment
  • Develop and test remediation measures
  • Disclose vulnerabilities responsibly with mitigation guidance
  • Gather feedback to enhance security maturity

Our Standard Process

Discovery

Monitor and systematically collect suspected vulnerabilities

Assessment

Complete the vulnerability qualification and issue reproduction

Remediation

Design and implement vulnerability remediation schemes

Disclosure

Promptly disclose vulnerabilities and release mitigation strategies

Feedback

Incorporate customer and team feedback for ongoing improvement

SUPCON's Full Lifecycle Commitment

Vulnerability Disclosure & Continuous Improvement

At SUPCON, we don't just respond to vulnerabilities — we continuously refine our systems and engineering practices based on real-world security findings.

Each confirmed vulnerability feeds back into our secure development lifecycle through:

  • Internal cause analysis and formal defect tracking
  • Engineering reviews and product team resolution workflows
  • Integration into R&D quality gates and platform-level defense improvements
  • Public disclosure via Security Bulletins once remediation is available

This closed-loop system ensures that every security report, whether internal or external, becomes an opportunity for improvement — enhancing the safety and resilience of all SUPCON products.

Security is not a one-time fix — it's a disciplined, transparent, and evolving process we embed in our DNA.

Report a Vulnerability

Security researchers, industry organizations, and customers are encouraged to report suspected vulnerabilities in SUPCON products to our dedicated team at cybersecurity@supcon.com.

All reported issues will be reviewed promptly in accordance with our standard vulnerability management process.

To facilitate timely and accurate assessment, please include the following information in your submission (as applicable):

  • Product or driver name, version, and branch
  • Type of vulnerability (e.g., code execution, denial of service, buffer overflow)
  • Clear steps to reproduce the issue
  • Proof-of-concept (PoC) or exploit code (if available)
  • Potential impact and exploitation scenarios

SUPCON values collaboration with the security community and is committed to handling all submissions with professionalism, confidentiality, and transparency.
