This policy is intended to provide security researchers with information on how to report discovered vulnerabilities to FUJIFILM Corporation.
The following process is based on ISO/IEC 29147.
Please access the following form to report a vulnerability regarding our products.
Please be sure to fill out the following items in the form.
- Contact information (first name, last name, email address)
- Product name (s)
- Software / Firmware version (s)
- Details (please include the possible cause and procedure to reproduce the vulnerability)
Please describe in English.
NOTE: We would also like you to send the following information as much as possible, after we respond to you and start our communication. Please use the PGP key.
- Proof of concept (PoC) scripts
- Screenshots
- Names of the tool (s) required for reproduction
This policy applies to FUJIFILM Corporation products such as multifunction devices, printers, production printers, software, and cloud services.
Products that we do not support (trial versions and products that are no longer supported) are excluded from scope.
We will contact you at the email address provided in the form within seven business days of receiving your vulnerability report. Replies may be delayed during our holidays (e.g., New Year, summer, and national holidays in Japan).
We will contact you again after we confirm whether the vulnerability exists in our products. If the vulnerability exists, we will coordinate with you on the timing of the fix and the publication of the security advisory.
Regardless of the content of the report, we do not offer rewards.