ETSI has put in place a mechanism by which individuals or organisations can notify us of suspected or proven vulnerability caused by errors, omissions or ambiguities in ETSI standards, particularly those which could give rise to security breaches.
We take such threats seriously and will do our utmost to resolve any vulnerabilities notified to us. We encourage you, whether as an individual or as a representative of an organisation with an interest in cybersecurity , to provide as much information on detected vulnerabilities as possible using the on-line form. We will acknowledge all such declarations, and we guarantee that we will send the information to the appropriate ETSI Technical Group so that the problem can be analysed and resolved in as short a time as feasible. We will notify you when the vulnerability has been eliminated.
You may provide us with your name (real or an alias) and your email address so that we can get back to you with the final answer. We also ask that you give us permission to pass your name and email to the ETSI Technical Group or Groups which we identify as that or those most suitable for resolving the vulnerability. Alternatively, you may provide information anonymously, in which case we guarantee not to try to identify you, for example by your IP address.
Unless you make your declaration anonymously, we also ask whether you wish to be publicly identified as the author of the vulnerability report and listed in our hall of fame.
ETSI is responsible for the writing and issuing of Technical Specifications, but we are not responsible for proprietary equipment designed, build and tested to those Specifications.
We ask you not to share knowledge of the vulnerability with third parties until ETSI has resolved it, and of course we ask you not to exploit that vulnerability except inasmuch as this might be necessary to gather sufficient data necessary to report it to us.
