CERT Michelin

CERT Michelin is the team within Michelin Group that handles information security incidents which could impact Michelin company.
We consider that the safety and security of our customers is one of the top priorities.
Therefore, we design and make products and services with the best quality and reliability possible. Despite our efforts to implement the best possible security measures, vulnerabilities may still be present in our products, services and systems.
This document describes Michelin’s policy for receiving reports related to potential security vulnerabilities in its products and services and the company’s standard practice with regards to informing customers of verified vulnerabilities.

1. Report a Michelin vulnerability

Please, contact us if you have think you have found a vulnerability in a Michelin group products or services.
In order to do so please reach us at cert[@]michelin.com using our PGP key ID and its fingerprint to encrypt to mail.
Key ID is 0x24EEA0D0 and fingerprint is: BD118C3B6C13B45223C89AC03E5962EF24EEA0D0 PGP Key could be found on https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3e5962ef24eea0d0

Michelin CERT is the team that handles information security incidents which could impact Michelin company. In order to help us reproduce, triage and remediate the vulnerability, please, provide us the following informations.

After receiving your report, we will contact you back to acknowledge the reception of the vulnerability and start the remediation process on our side.

Vulnerability disclosure rules

Michelin CERT encourage researchers to report vulnerabilities and to comply with the following responsible disclosure guidelines:


Out of scope vulnerabilities


Please be advised, that currently, we DO NOT offer any form of bounty for any findings. However, if you wish, we could add your name or nickname to our hall of fame page.


Michelin will process your personal data only to manage your reporting. Your data will be share only to the authorized Michelin’s services and no more than 5 years. To exercise your access, deletion or other rights, you can contact us at the email address: CERT[@]michelin.com. Learn more about how Michelin manage personal data https://www.michelin.com/en/privacy-policy/.

Michelin CERT appreciates your efforts to improve the security of our product and systems by made a reporting.
All aspects of this process are subject to change without notice, as well as to case-by exceptions. No particular level of response is guaranteed for any specific issue or class of issues.

2. Notify us about a cyber incident/threat involving Michelin

If you are aware of any personnal information data leaks that may concern Michelin group(or any other threat), please send us an email to CERT[@]michelin.com
If you need to send us information in a secure manner, please use our PGP key.
Please, do not contact us for technical support on our services.

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University