Your browser is not supported.
For the best experience, please access this site using the latest version of the following browsers:
By closing this window you acknowledge that your experience on this website may be degraded.
Product Security
- (PSIRT)
- Vulnerability Reporting
- PGP Key
Product Security Incident Response Team (PSIRT)
Honeywell Aerospace PSIRST’s mission is to safeguard the integrity and trust of Honeywell Aerospace products and services by proactively managing and responding to security vulnerabilities and incidents. We are committed to delivering industry-leading security solutions through vigilant threat detection, swift incident response, and collaborative efforts, ensuring the resilience of our products and the confidence of our customers. To achieve this, the PSIRT is dedicated to the following key objectives:
- Vulnerability Incident Response
- Proactive Threat Monitoring and Detection
- Rapid Incident Response
- Collaboration and Communication
- Continuous Improvement
- Customer Assurance and Transparency
Honeywell Aerospace is committed to providing appropriate resources to analyze, validate, and address all reported security concerns.
In accordance with industry practices, Honeywell Aerospace does not share findings from internal security testing or other types of security activities with external entities.
Reporting a Potential Security Vulnerability
Honeywell Aerospace welcomes reports from independent researchers, industry organizations, vendors, and customers. To find out more information on how to report a potential vulnerability, please visit Vulnerability Reporting.
Bug Bounty Program
Honeywell Aerospace does not participate in a bug bounty program or provide any monetary incentives for discovering vulnerabilities. It is important to note that any unauthorized scan of our services and production systems will be considered an attack.
Report a Vulnerability
Reporting Instructions
Honeywell Aerospace encourages all individuals who have discovered a vulnerability in our offerings to report these findings so they can be addressed. However, certain items are out of scope if the reporter is seeking credit or faster prioritization. If you’re reporting multiple vulnerabilities or vulnerabilities in multiple products feel free to include in one submission.
Out of Scope
- Vulnerabilities have already been discovered and published in a CVE Record.
- Vulnerabilities found in offerings that are no longer supported.
- Vulnerabilities identified in offerings for which Honeywell has advised consumers to use the latest version or upgrade.
If the vulnerability affects a product, service or solution, email PSIRT@honeywellaerospace.com, with the following instructions/details:
Please encrypt using Honeywell’s public PGP key (see PGP Key page) and include the following:
- Product and version
- Description of the potential vulnerability
- Any special configuration required to reproduce the issue
- Step by step instructions to reproduce the issue
- Proof of concept or exploit code, if available
- Code Scan requires proof of exploitability
- Potential Impact
For all other security issues, email us at security@honeywellaerospace.com with the following instructions.
Please encrypt using Honeywell’s public PGP key and include the following:
- Website URL or location
- Type of vulnerability (XSS, Injection, etc.)
- Instructions to reproduce the vulnerability
- Proof of concept or exploit code, including how an attacker could exploit the vulnerability
- Potential impact
