Vulnerability Disclosure Policy

This policy is intended to provide security researchers with information on how to report discovered vulnerabilities to FUJIFILM Business Innovation.
The following process is based on ISO/IEC 29147.

How to Report a Vulnerability

Please access the following form to report a vulnerability regarding our products.

Vulnerability report form

Please be sure to fill out the following items in the form.

  • Contact information (first name, last name, email address)
  • Product name(s)
  • Software/Firmware version(s)
  • Details (please include the possible cause and procedure to reproduce the vulnerability)

Please write your report in English.

NOTE: After we respond to you and begin communicating, we would also like you to send as much of the following information as possible. Please use the PGP key.

  • Proof of concept (PoC) scripts
  • Screenshots
  • Names of the tool(s) required for reproduction

Scope

This policy applies to Fuji Xerox and FUJIFILM Business Innovation products such as multifunction devices, printers, production printers, software, and cloud services.
Products that we do not support (trial versions and products that are no longer supported) are excluded from scope.

Our response

We will contact you at the email address provided in the form within five business days of receiving your vulnerability report. Replies may be delayed during our holidays (e.g., New Year, summer, and national holidays in Japan). 

We will contact you again after we confirm whether the vulnerability exists in our products. If the vulnerability exists, we will coordinate with you on the timing of the fix and the publication of the security advisory. 

Publication of the security advisory

We will coordinate the publication schedule and content with you and other relevant parties in advance. The security advisory will be published as soon as possible on our company website.

Vulnerability Advisories

CVE ID

We can assign and publish CVE IDs for reported issues in Fuji Xerox and FUJIFILM Business Innovation products within the scope above when, through coordination with the reporter, the issue is determined to meet the CVE Program’s definition of a vulnerability.

This applies to multifunction devices, printers, production printers, software, and cloud services.
Trial versions and products that are no longer supported are excluded.

Rewards

Regardless of the content of the report, we do not offer rewards.