Security Issue Reporting Guidelines

Steps to Report a Vulnerability.

Please report any potential or real security vulnerability claim to the ASSA ABLOY Security Resources Team via e-mail at security@assaabloy.com.   Please encrypt your e-mail with PGP and this public key.

Please include the information below in your e-mail report:

  • First and last name
  • Company name
  • Contact phone number (optional)
  • Preferred e-mail contact
  • General description of vulnerability
  • Product containing vulnerability (hardware & software versions), part numbers
  • Tools, hardware and other configurations required to trigger the event
  • Any security or service pack updates applied
  • Document instructions to reproduce the event
  • Sample code, proof of concept or executable used to produce event
  • Definition of how the vulnerability will impact a user including how the attacker could breach security on-site
  • Affected product
  • System Details
  • Technical Description and steps to reproduce
  • Point of Contact
  • Other parties and products involved
  • Disclosure plans/Dates/drivers
  • What was the purpose and scope of research being performed when the vulnerability was found (context)?