This website uses cookies. By using the site you are agreeing to our Privacy Policy.
Japan
Home About Us Vulnerability Disclosure Policy

Vulnerability Disclosure Policy

This policy is intended to provide security researchers with information on how to report discovered vulnerabilities to FUJIFILM Corporation.
The following process is based on ISO/IEC 29147.

How to Report a Vulnerability

To report vulnerabilities in our products, please read the following explanation regarding personal information collection, provide your consent, fill in the required details, and send the report via email to the vulnerability reporting address.

  • First name, last name *
  • Email address *
  • Company name
  • Country or Region
  • Product name(s) *
  • Software/Firmware version(s) *
  • CWE code
  • Details (please include the possible cause and procedure to reproduce the vulnerability) *

Vulnerability Reporting Address: dge-fujifilm_vulnreport@fujifilm.com

Please describe in English.

NOTE: We would also like you to send the following information as much as possible, after we respond to you and start our communication. Please use the PGP key.

  • Proof of concept (PoC) scripts
  • Screenshots
  • Names of the tool(s) required for reproduction
Data Controller and Data Protection Office

The Data Controller in relation to any personal information that is collected within the scope of this Privacy Policy is FUJIFILM Holdings Corp. 9-7-3, Akasaka Minato-ku, Tokyo Japan. Our Data Protection Officer / Data Protection Team can be contacted by email at  dge-fujifilm_vulnreport@fujifilm.com.

Collection of Personal Information

FUJIFILM Holdings Corp. controls and responds to personal information (name, email address, company name and IP address. "Personal Information") entered and sent from the vulnerability Web form.

Purpose of Use of Personal Information

With regard to the Personal Information entered and sent from Web form, we will use it to respond and confirm the content of the vulnerability. We will not use the Personal Information without your consent for any purpose other than the above-mentioned use.

Basis for Personal Information processing

To contact you regarding vulnerabilities, please enter a check in the following check box and agree to the handling of this Personal Information before sending it.

Sharing and Disclosure of Personal Information with Third Parties

Personal Information shall not be disclosed to any third party without your consent. However, we will share your Personal Information with Japan Computer Emergency Response Team Coordination Center (JPCERT/CC). When the vulnerability report regards of our affiliated entities, we will also share the Personal Information with FUJIFILM Corporation and  FUJIFILM Business Innovation Corp.

When we share the Personal Information with JPCERT/CC, FUJIFILM Corporation, and/or FUJIFILM Business Innovation Corp, we will not use the Personal Information for any purpose other than the use mentioned in this Privacy Policy.

Secured Management of Personal Information

FUJIFILM Holdings Corp. takes adequate technical and organizational security measures in order to protect your Personal Information from being misused, and to prevent the loss of your information. Your Personal Information is saved in a secure operating environment that is not accessible to the public. All registered Personal Information will be stored in encrypted form to prevent misuse of information by malicious third parties.

Your Rights Relating to your Personal Information

You have the right to request access to the Personal Information, to request rectification or erasure of Personal Information, to restrict processing of your Personal Information, to object to such processing and to exercise your right to data portability in accordance with the applicable laws. You have the right to lodge a complaint with a competent supervisory authority in accordance with the applicable laws if you consider that the processing of Personal Information relating to you infringes the applicable law.

Retention Period of Personal Information

Personal Information will be discarded as soon as the response to the vulnerability is completed.
 

Overseas Transfer of Personal Information

Personal Information entered and sent from your email will be processed and managed in Japan.

Changes to the Privacy Policy

FUJIFILM Holdings Corp. reserves the right to change, amend, or update this Privacy Policy. If we do decide to change our Privacy Policy, we will post the revised Privacy Policy and indicate the date of publication. On return visits, please remember to review the Privacy Policy for any changes, since continued use of the Website(s) after any posted revision indicates your consent to our use of your information in accordance with the changed, amended, or updated Privacy Policy.

Legitimacy of Personal Information processing

We process your Personal Information based on your consent, as necessary for the purposes of our legitimate interests.

Date of enactment
2026.3.6

Scope

This policy applies to FUJIFILM Corporation products such as multifunction devices, printers, production printers, software, and cloud services.
Products that we do not support (trial versions and products that are no longer supported) are excluded from scope.

Our response

We will contact you at the email address provided in the form within seven business days of receiving your vulnerability report. Replies may be delayed during our holidays (e.g., New Year, summer, and national holidays in Japan).

We will contact you again after we confirm whether the vulnerability exists in our products. If the vulnerability exists, we will coordinate with you on the timing of the fix and the publication of the security advisory.

Rewards

Regardless of the content of the report, we do not offer rewards.