CERT Michelin

CERT Michelin is the team within Michelin Group that handles information security incidents which could impact Michelin company.
We consider that the safety and security of our customers is one of the top priorities.
Therefore, we design and make products and services with the best quality and reliability possible. Despite our efforts to implement the best possible security measures, vulnerabilities may still be present in our products, services and systems.
This document describes Michelin’s policy for receiving reports related to potential security vulnerabilities in its products and services and the company’s standard practice with regards to informing customers of verified vulnerabilities.

1. Report a Michelin vulnerability

Please, contact us if you have think you have found a vulnerability in a Michelin group products or services.
In order to do so please reach us at cert[@]michelin.com using our PGP key ID and its fingerprint to encrypt to mail.
Key ID is 0xC64D4D12 and fingerprint is: 238D 6E9B B2C4 DF02 74F8 916C B615 D969 C64D 4D12 PGP Key could be found on https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xb615d969c64d4d12

Michelin CERT is the team that handles information security incidents which could impact Michelin company. In order to help us reproduce, triage and remediate the vulnerability, please, provide us the following informations.

After receiving your report, we will contact you back to acknowledge the reception of the vulnerability and start the remediation process on our side.

Vulnerability disclosure rules


Michelin CERT encourage researchers to report vulnerabilities and to comply with the following responsible disclosure guidelines:

Don't

Out of scope vulnerabilities

Reward

Please be advised, that currently, we DO NOT offer any form of bounty for any findings. However, if you wish, we could add your name or nickname to our hall of fame page.

Note

Michelin will process your personal data only to manage your reporting. Your data will be share only to the authorized Michelin’s services and no more than 5 years. To exercise your access, deletion or other rights, you can contact us at the email address: CERT[@]michelin.com. Learn more about how Michelin manage personal data https://www.michelin.com/en/privacy-policy/.

Michelin CERT appreciates your efforts to improve the security of our product and systems by made a reporting.
All aspects of this process are subject to change without notice, as well as to case-by exceptions. No particular level of response is guaranteed for any specific issue or class of issues.

2. Notify us about a cyber incident/threat involving Michelin

If you are aware of any personnal information data leaks that may concern Michelin group(or any other threat), please send us an email to CERT[@]michelin.com
If you need to send us information in a secure manner, please use our PGP key.
Please, do not contact us for technical support on our services.

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University