On this page you will find important information regarding Canon security.
At Canon, we take the security of our IT systems seriously and value the security community. The disclosure of security weaknesses helps us ensure the security and privacy of our users by acting as a trusted partner. This policy explains the requirements and mechanism for Canon EMEA IT System Vulnerability Disclosure, which enables researchers to report security vulnerabilities in a safe and ethical manner to the Canon EMEA Information Security team.
This Policy applies to everyone, including internal Canon and external participants.
The Canon EMEA Information Security Team is committed to protecting Canon’s customers and employees. As part of this commitment, we invite security researchers to help protect Canon by proactively reporting security vulnerabilities and weaknesses. You can report the details of your finding(s) at: firstname.lastname@example.org
Domains in scope
This is the list of domains which are included as part of the Canon Vulnerability Disclosure Policy.
You can report weaknesses to us by email: email@example.com. Please state concisely in your email which weakness(es) you have found, as explicitly and in as much detail as possible, and provide any evidence you might have, keeping in mind that the message will be reviewed by Canon Security specialists. In particular, include the following in your e-mail:
We will not accept output from automated software scanners.
Canon Information Security experts will investigate your report and will contact you within 5 working days.
We will only use your personal details to take action based on your report. We will not share your personal details with others without your express permission.
If you discover a weakness and investigate it, you might perform actions that are punishable by law. If you follow the rules and principles below for reporting weaknesses in our IT systems, we will not report your offence to the authorities and will not submit a claim.
It is important for you to know, however, that the public prosecutor’s office – not CANON – may decide whether or not you will be prosecuted, even if we have not reported your offence to the authorities. This means we cannot guarantee that you will not be prosecuted if you commit a punishable offence when investigating a weakness.
The National Cyber Security Centre of the Ministry of Security and Justice has created guidelines for reporting weaknesses in IT systems. Our rules are based on these guidelines (https://english.ncsc.nl/).
Take responsibility and act with extreme care and caution. When investigating the matter, only use methods or techniques that are necessary in order to find or demonstrate the weaknesses.
Will I receive a reward for my investigation?
No, you are not entitled to any compensation.
Am I allowed to publicize the weaknesses I find and my investigation?
Never publicize weaknesses in Canon IT systems or your investigation without consulting us first via email at firstname.lastname@example.org. We can work together to prevent criminals from abusing your information. Consult with our Information Security team and we can work together towards publication.
Can I report a weakness anonymously?
Yes, you can. You do not have to mention your name and contact details when you report a weakness. Please realize, however, that we will be unable to consult with you about follow-up measures, e.g. what we do about your report or further collaboration.
What shouldn’t I use this email address for?
The email address email@example.com is not intended for the following: