Vulnerability Disclosure Policy
This policy is intended to provide security researchers with information on how to report discovered vulnerabilities to FUJIFILM Business Innovation.
The following process is based on ISO/IEC 29147.
How to Report a Vulnerability
Please access the following form to report a vulnerability regarding our products.
Please be sure to fill out the following items in the form.
- Contact information (first name, last name,email address)
- Product name(s)
- Software/Firmware version(s)
- Details (please include the possible cause and procedure to reproduce the vulnerability)
Please describe in English.
NOTE: We would also like you to send the following information as much as possible, after we respond to you and start our communication. Please use the PGP key.
- Proof of concept (PoC) scripts
- Screenshots
- Names of the tool(s) required for reproduction
Scope
This policy applies to Fuji Xerox and FUJIFILM Business Innovation products such as multifunction devices, printers, production printers, software, and cloud services.
Products that we do not support (trial versions and products that are no longer supported) are excluded from scope.
Our response
Within five business days from the day we received the vulnerability report, we will contact your email address specified in the form. During the period of our holidays (such as New Year holidays, summer holidays, Japan’s national holidays, etc.), the reply may be delayed.
We will contact you again after we confirm whether the vulnerability exists in our products. If the vulnerability exists, we would like to coordinate the schedule of the fix and the publication of the security advisory with you.
Publication of the security advisory
We will coordinate the publication schedule with you and other related members and post the security advisory on the following page on our company website or the support page for each product available for registered users only as promptly as possible.
Rewards
Regardless of the content of the report, we do not offer rewards.