GE Appliances Coordinated Vulnerability Disclosure Process
GE Appliances implements industry best practices to ensure the security of your connected appliance and the privacy of your data. We implement incident and risk management with all our products and services. To learn more on our commitment to security please visit our security webpage: https://www.geappliances.com/security.
GE Appliances is committed to answering your questions or any concerns you may have. With all our brands, our goal is to ensure your satisfaction, while offering the highest levels of professional service. If you have a specific security concern or believe you have found a security vulnerability with one of our connected appliances, please contact the GE Appliances Product Security Incident Response Team (GEA-PSIRT) at GEAppliancesProductSecurity@geappliances.com.
GEA-PSIRT supports PGP encryption using the GE Appliances Connected Home PGP Key to encrypt your email. In your email, please include the following information:
-
- Appliance Product Name(s), Model(s), and Serial Number(s)
- The information on your Connected Appliance Information sticker
- Description of the concern or vulnerability
- Information to help GEA-PSIRT to replicate the issue, such as configuration details, a proof-of-concept, or exploit code
- Whether or not you would like to be contacted in case more information is needed
- Whether or not you would like to be contacted of status updates when relevant information becomes available and the mitigation(s) is in place
- Whether or not you would like to be acknowledged for helping us improve our products. Should you choose to remain anonymous, GEA-PSIRT will not publicly disclose your identity. Maintaining your privacy is important and we will not publicly disclose your identity unless you inform us otherwise.
- Appliance Product Name(s), Model(s), and Serial Number(s)
Our commitment to you by providing the above:
GEA-PSIRT will aim to acknowledge receipt by email within two (2) business days (excluding public holidays in the United States of America) and will respond if further information is needed to investigate a security issue. If you have chosen to opt-in, we will keep you informed of significant status updates when available and whether or not the issue is confirmed; and if confirmed, when mitigated.
Timeframes for mitigation development, testing, and deployment may be affected by factors such as but not limited to, the ability to confirm and reproduce the issue, the complexity and manufacturing of the mitigation, and the responsiveness of users applying over-the-air software updates. For these reasons, it may be necessary to coordinate acknowledgment to maximize the protection of our users.
Please note, GE Appliances does not disclose, discuss, or confirm any security issue until a full investigation is complete and any necessary press releases, security updates, and releases are available. In some cases, GE Appliances may request a neutral third-party to assist in the resolution, communication, and coordination of the issue.
We acknowledge security researchers who have selected not to opt out and who have reported security issues on our brands of appliances by contacting GEA-PSIRT on the GE Appliances Connected Home Security Researchers Credit Page.