Safety and security are incredibly important to PTC and to the ecosystems we serve. As we see greater convergence of physical and digital systems, we all carry a shared responsibility to develop and maintain more secure, defensible, and resilient systems. PTC is committed to doing our part through robust security programs and initiatives. As an extension to our own efforts, PTC wishes to team with willing allies acting in good faith. As such, PTC welcomes the invaluable contributions offered by security researchers. To ensure a smooth and streamlined process, we have our Coordinated Vulnerability Disclosure Program.
To ensure proper handling of the disclosure in both directions, please adhere to the following instructions:
Once we have received your message, an appropriate PTC employee will acknowledge receipt within seven (7) calendar days.
We are willing to work with security researchers who comply with the following guidelines:
Once we have received a submission, PTC will:
Where necessary or if we are unable to resolve communication issues or other problems, PTC may bring in a neutral third party (such as CERT/CC, DHS-ICS-CERT, or the relevant regulator) to assist in determining how best to handle the vulnerability.
Note: Any information shared with PTC may be used by PTC in any manner determined appropriate by PTC. Submitting any information will not create any rights for the submitter, nor will it create any obligations for PTC.