Trend Micro highly recommends that security researchers contact the Trend Micro's Product Security Incident Response Team (PSIRT) by sending an email to security@trendmicro.com.

Report a Vulnerability

• Submitters are encouraged to utilize Trend Micro’s Product Security PGP key (Key ID: 08FF-B553-F625-033A) to encrypt sensitive information sent to this address.
• A Trend Micro PSIRT Vulnerability Coordinator will acknowledge the receipt of the submission and then begin the process of collaborating with the submitter and Trend Micro product security engineers on validating, reproducing, and ultimately resolving the potential issue if it is confirmed to be a legitimate security vulnerability.
• Trend Micro's goal is to resolve confirmed vulnerabilities as quickly and thoroughly as possible, then efficiently distribute the resolution to affected customers.
• Since each vulnerability is unique, the time frames in which they are addressed can vary. Ongoing dialog is highly encouraged to best understand the vulnerability and possible risks.
• Responsible security researchers understand that customer security is a priority. This means customers are given ample time to deploy the fixes before any findings are released on a public forum, blog, or social media platform.
• If necessary, Trend Micro will release a security bulletin when a fix or mitigation is publicly available and will work with submitters on coordinated disclosures (if desired).
• Security bulletins will typically include CVE assignments if the vulnerability meets the necessary criteria, and Trend Micro is the recognized CVE Numbering Authority (CNA) issuer for CVEs that are attributed to Trend Micro products.

Trend Micro would like to thank the following security researchers and organizations for working with us to resolve one or more security vulnerabilities in our products and services. The names of individuals or organizations listed below have disclosed one or more security vulnerabilities and have actively worked with Trend Micro engineers to resolve these vulnerabilities.

The names of individuals and organizations appear below with their permission.

Disclosures for 2022

• Ahmed Abdul Rahman
  https://www.linkedin.com/in/ahmed-rahman-6b27b8224
• Amaranath Moger
  https://www.linkedin.com/in/amaranath-moger/
• changyi (常亦), 3imple0ne(何文杰)
  changyioo63@163.com
• Goutham A S
  https://www.linkedin.com/in/goutham-a-s-279992164/
• Jebarson Immanuel
  https://www.linkedin.com/in/jebarson-immanuel/
• Nikhil Rane
  https://www.linkedin.com/in/nikhil-rane-31733a217
• Ramansh Sharma
  https://www.linkedin.com/in/ramansh-sharma/

Disclosures for 2021

• 4n_curze (Ankur Vaidya)
  https://twitter.com/4N_CURZE
• Arshad. U
  https://www.linkedin.com/in/arshad-u-7a7045207
• Ashwin Suresh
  https://www.linkedin.com/in/ashwin-suresh-2018
• Bao Chau (CyRadar)
  https://www.linkedin.com/in/nhubaochau/
• blacksolo
  https://twitter.com/MBlacksolo
• Cuong Van Bui (VNCERT/CC)
  https://nsbvc.blogspot.com/
• Edgar Carrillo Egea
  Twitter - @ecarrilloeg
• Foysal Ahmed Fahim
  https://twitter.com/foysal1197
• Gaurang Maheta
  https://www.linkedin.com/in/gaurang883
• Gourab Sadhukhan
  https://www.linkedin.com/in/gourab-sadhukhan-71158216a
• Harinder Singh (S1N6H)
  https://www.linkedin.com/in/lambardar/
• Haris Ashraf
  https://www.linkedin.com/in/harisashraf1/
• Hieu Tran Nam
  https://www.linkedin.com/in/hieu-tran-nam-a17a8953
• Honc (章哲瑜)
  honcbb@gmail.com
• Husain Murabbi (cyber_humans)
  https://www.linkedin.com/in/husain-murabbi-cyberhumans/
• Ivan Šincek (Offensive Security Engineer)
  https://github.com/ivan-sincek
• Jaaziel Sam Carlos - Security Professional
  https://www.linkedin.com/in/jaaziel-carlos
• Joël Ettinger
  https://www.linkedin.com/in/joelettinger/
• Johnatan Camargo
  @johnk3r
• Julien REYNAUD
  Accor - Security Project Manager
• Kartik Khurana
  https://www.linkedin.com/in/kartik-khurana-878739175/
• Khan Jnany
  https://twitter.com/Reboot_Ex
• Mansoor Rangwala (cyber_humans)
  https://www.linkedin.com/in/mansoor-rangwala-cyberhumans/
• Marcos Nocetti
  www.marcosnocetti.com
• Movitz Sunar
  https://www.linkedin.com/in/movitz-sunar-12512b16a
• Omar Mahmoud
  https://www.linkedin.com/in/omar-mahmoud-58290311b/
• Parasect
  https://github.com/Parasect-Team
• Parth Srivastava (Protiviti India Member Private Limited)
  https://www.linkedin.com/in/parth-srivastava-2186587a
• Pooja Premchand Jaiswal
  https://www.linkedin.com/in/pooja-jaiswal-54797b166/
• Ranjit Adhikari
  https://twitter.com/RanjitAdhikar34
• Richard Davy – ECSC Group
  richard.davy@ecsc.co.uk
• Roman Chekhov / Yawergam
  http://linkedin.com/in/roman-chekhlov-81b42b152
• Sanjok Karki (TheSanjok)
  https://linkedin.com/in/sanjokkarki
• Sanyam Chawla
  https://www.linkedin.com/in/sanyam-chawla-a6344b1a0/
• Sepehr chegeni (morningst4r)
  Twitter - @Homelesscyber
• Shreyal Jain
  https://www.linkedin.com/in/shreyal-jain-123360192
• Shuvam Adhikari
  https://twitter.com/WHOISshuvam
• Siddharth Parashar
  https://www.linkedin.com/in/siddharth-parashar-b2a21b1b5/
• Wasi Junaidi
  https://www.linkedin.com/in/wasi-junaidi-20579291/
• Xavier DANEST - Decathlon
  hhttp://sustainability.decathlon.com/

Disclosures for 2020

• Ai Ho (@j3ssiejjj)
  https://linkedin.com/in/ai-ho-0525a710b/
• Arno Tsai
  caiarno777@gmail.com
• Astroicers (陳齊修)
  azz093093.830330@gmail.com
• bbbbohman
  bbbbohman@gmail.com
• BugStrix Team
  https://bugstrix.com
• Chi Tran
  https://ctrsec.io
• Dhanumaalaian.R
  https://www.linkedin.com/in/dhanumaalaian-r-b34338189/
• Duelim-Noth (沈彧璿)
  https://twitter.com/Noth72013441
• Faisal Mehmood
  https://www.linkedin.com/in/faisal-mehmood-3aa929197
• Hoang Quoc Thinh (@g4mm4)
  https://cyberjutsu.io
• Honc (章哲瑜)
  honcbb@gmail.com
• Hou JingYi (@hjy79425575)
  qihoo 360 CERT
• Hzllaga (宋昕岳)
  hzllaga@gmail.com
• Jaaziel Sam Carlos
  https://www.linkedin.com/in/jaaziel-carlos
• Jacob G. Deniega
  https://www.facebook.com/deniegajacob
• Johnatan Camargo
  www.linkedin.com/in/johnatancamargo
• Lasse Trolle Borup
  Danish Cyber Defence
• Julien Cretel (@jub0bs)
  Blog - https://jub0bs.com
  Twitter - https://twitter.com/jub0bs
• Marco Altenseuer, SPIRIT/21 GmbH
  https://www.spirit21.com
• Mark Jadek
  Blog - https://medium.com/@mase289
  Twitter - https://twitter.com/mase289
• Miguel Santareno
  https://www.linkedin.com/in/miguelsantareno
• Mohammad Hosein Askari
  https://www.linkedin.com/in/mohammadhoseinaskari
• Muhammad Usman
  https://www.linkedin.com/in/muhammad-usman-05711b126/
• Noth (沈彧璿)
  zxc7528064@gmail.com/
• Pankaj Kumar Thakur (Nepal)
  https://twitter.com/Nep_1337_1998
• Paras Arora
  CEO & Founder PAC Security LLP (https://www.linkedin.com/in/parasarora06)
• Pritam Mukherjee
  https://www.linkedin.com/in/pritam-mukherjee-urvil-b75ab9b9/
• Raphael Karger
  https://www.linkedin.com/in/raphael-karger
• Si Thu
  https://www.facebook.com/sithu.1993/
• Sumit Grover
  https://twitter/sumgr0
• Talha Saeed
  fb.com/talhasaeed226
• Vikas Rawat
  https://www.linkedin.com/in/vikas-rawat-366640131
• Wai Yan Aung
  @waiyanaun9
• Xavier DANEST - Decathlon
  http://sustainability.decathlon.com/

Disclosures for 2019

• Aditra Andri Laksana
  https://twitter.com/Wayc0de
• Arif Khan
  https://twitter.com/payloadartist
• Asim Mahmood
  Security Researcher
• Athul Jayaram
  Security Researcher
• Attila Marosi-Bauer
  Hacktivity Lab
• Ben Leonard-Lagarde
  Security Researcher
• BlackSpace 黑杜科技
  https://blackspace.com.tw
• Cody Ward
  Risker Cyber Security & Finance
• Dhiraj Mishra
  @RandomDhiraj
• Fabergé
  hackerone.com/faberge
• Harsh Joshi
  https://www.linkedin.com/in/harsh-joshi-107397160
• Honc (章哲瑜)
  honcbb@gmail.com
• Jaaziel Sam Carlos
  https://www.linkedin.com/in/jaaziel-carlos
• Jhang Jhe Yu
  Security Researcher
• Joel Verghese (KrizzSK)
  https://mobile.twitter.com/joelverghese1
• John Page aka hyp3rlinx
  http://hyp3rlinx.altervista.org/
• Johnatan Camargo from PBI | Dynamic IT Security
  www.linkedin.com/in/johnatancamargo
• Kamal Elsayed Hussein
  https://www.linkedin.com/in/kamalinux
• Kushagra Pathak
  https://twitter.com/xKushagra
• Lacroute Serge
  https://www.linkedin.com/in/serge-lacroute-677a3b134/
• Mart Gil Robles
  Pinoy Security Researcher
• Mohamed Fadel Khaled Bakir Ali
  fb.me/CPUKi11er
• Muhammad Osama
  https://www.linkedin.com/in/muhammad-osama-5a51a9bb
• Nafiez
  https://twitter.com/zeifan (@zeifan)
• Oliveira Lima Jr.
  Rootlabs
• Pankaj Kumar Thakur (Nepal)
  https://twitter.com/Nep_1337_1998
• Ronak Nahar
  https://www.linkedin.com/in/naharronak/
• Sameer Phad (@sameerphad72)
  twitter.com/sameerphad72
• Silton (Tempest Security Intelligence)
  https://www.tempest.com.br/
• Shady Gamal
  HOF
• Trần Văn Khang (aka Khang Kì Tổ)
  Infiniti Team, VinCSS (a member of Vingroup)
• Thurein Soe
  @NyaMeeEain87
• Wai Yan Aung
  @waiyanaun9
• Xavier DANEST - Decathlon
  http://sustainability.decathlon.com/
• Youssef A. Mohamed (GeneralEG)
  https://generaleg0x01.com
• Zach Edwards
  https://www.victorymedium.com
• Zeel D. Chavda
  https://twitter.com/ChavdaZeel
• 韶 (8/29)
  Taiwan Security Researcher

Disclosures for 2018

• Abdulkadir Mutlu
  https://akmsoftware.co.uk
• Abdullah H. AlJaber (@al_jaber)
  http://AJ.SA
• Amr Salah
  https://www.linkedin.com/in/Amr-Salah-K
• Arın Doruk Çelikel
  https://www.linkedin.com/in/adcelikel/
• Athul Jayaram
  http://athuljayaram.com
• B.Dhiyaneshwaran
  https://www.linkedin.com/in/dhiyaneshwaran-b-27947a131/
• Black Space (黑杜科技)
  https://blackspace.com.tw
• Chieh Yu
  @welkineins
• Dan Fabro
  https://www.twitter.com/0x61_
• Dinesh Manoharan
  fb.com/DinaHkr
• Geethu Sivakumar
  CEO, Pace Hitech | www.pacehitech.com
• Gehan Kaushal
  https://www.linkedin.com/in/gehan-kaushal-563ab2159/
• Hassy Vinod
  https://www.linkedin.com/in/hassy-vinod/
• HeinHtetAung(UCSMGY)
  fb.com/mamakochitdl
• Honc (章哲瑜)
  honcbb@gmail.com
• Honc (陳逸璋)
  server@blackspace.com.tw
• İsmail Şentürk
  https://www.linkedin.com/in/ilsen/
• Jaaziel Sam Carlos
  https://www.linkedin.com/in/jaaziel-carlos/
• Jhang Jhe Yu
  Security Researcher
• Jithin D Kurup
  https://www.linkedin.com/in/jithin-d-kurup-77b616142
• Kağan IŞILDAK
  @kaganisildak, Gais Security
• Kdiag Haci
  Taiwan No.1
• Ketan Madhukar Mukane
  fb.com/eSecHax0r | https://bit.ly/2DfnZs5
• M. Eren Buyru
  https://tr.linkedin.com/in/eren-buyru-794475b2
• Macall Salugsugan
  Individual
• Michael Bailey
  FLARE Team at Mandiant, a FireEye Company
• Muhammad Uwais
  https://twitter.com/muhd_uwais_
• Noriaki Iwasaki
  Cyber Defense Institute, Inc.
• Onc 章 - 張書豪
  @honcbb
• Pranshu Tiwari
  https://www.linkedin.com/in/pranshu-tiwari-b5759b158
• Phong Tran (nekard)
  https://www.linkedin.com/in/phongtnq/
• Rasheed T
  fb.com/rasheedt0
• Ratnadip Gajbhiye (Mr.Ch4rLi3)
  fb.com/Mr.Ch4rLi3v
• Rehan Arain
  fb.com/sunny.arain1
• Remesh Ramachandran
  www.remeshr.com
• Rico A. Silvallana
  Security Researcher
• Ryan Warns
  FLARE Team at Mandiant, a FireEye Company
• S Naveen Kumar
  https://www.linkedin.com/in/naveen-kumar-s-24076510b
• Suhas Sunil Gaikwad
  https://www.twitter.com/IamSuhasGaikwad
• Syed Sohaib Karim
  http://linkedin.com/in/syedsohaibkarim
• Wai Yan Aung
  @waiyanaun9
• Wen Bin Kong
  https://www.linkedin.com/in/kongwenbin | @kongwenbin
• ZHANG ZHE YU
  Houbi Dist.

Disclosures for 2017

• Aaron Devaney
  https://twitter.com/dodekeract
• Adesh Nandkishor Kolte
  GPJalgaon
• Ahsankhan
  fb.com/anonymouq
• Alec Blance
  fb.com/anonymouq
• Arbin Godar
  https://arbin.io/
• Bart Leppens
  Individual
• Black Space (黑杜科技)
  https://blackspace.com.tw/
• Dinesh Manoharan
  fb.com/DinaHkr
• Eliran Itzhak
  http://bit.ly/2p3mNAf
• Florian Charbonneau
  http://bit.ly/2qGGBcR
• Gamiel Xavier V. Manbiotan
  fb.com/Yokairenki
• Geethu Sivakumar
  CEO, Pace Hitech | www.pacehitech.com
• Himanshu Mehta
  https://in.linkedin.com/in/himanshumehta21
• Himanshu Rahi
  Individual
• Ho_nc(章哲瑜)
  http://bit.ly/2whbve4
• Honc (章哲瑜)
  honcbb@gmail.com
• Honc - 章哲瑜
  https://twitter.com/honcbb
• John Carroll
  Https://ctus.io/
• Jolan Saluria
  fb.com/jlnslr
• Khair Alhamad
  twitter.com/Khair_Alhamad
• Mahmoud Abdelmonem
  https://www.linkedin.com/in/mahmoudmohammed/
• Md. Nur A Alam Dipu
  fb.com/nuraalam.dipu2
• Mohammed Israil
  fb.com/VillageLad
• Muhammad Osama
  http://bit.ly/2l5Yq3i
• Natanmai Deepak Sundararajan
  (K.L.N.C.I.T)
• Pal Patel
  https://www.linkedin.com/in/pal434/
• Peter Lapp
  https://www.linkedin.com/in/lappsec
• Pratik Luhana
  https://in.linkedin.com/in/pratik-luhana-69b403105
• Richard Alviarez
  twitter.com/queseguridad
• Sadik Shaikh
  https://www.extremehacking.org
• Suvadip Kar
  https://suvadipkar.com
• Suyog Palav
  http://bit.ly/2qL0Ylv
• Trí Cao Hơn Núi
  Con cháu của Nùng Trí Cao
• Vasim Shaikh
  https://www.linkedin.com/in/vasim-shaikh-094507110
• Vineet Kumar
  http://bit.ly/2h4JMoy
• Wai Yan Aung
  @waiyanaun9
• Zawad Bin Hafiz
  http://bit.ly/2wYPWfo

Disclosures for 2016

• Amine Hm
  fb.me/AMiN3.HM
• Aniket Pawar
  bit.ly/1XJetMT
• Armaan Pathan
  on.fb.me/204Vmgh
• Ashutosh Barot
  www.ashutoshbarot.com
• Center of Information Security, Kyrgyzstan
  https://cis.kg
• Emad Abou Shanab
  fb.me/red.heart.56679 | @Alra3ees
• Evan Ricafort
  Invalid Web Security | www.evanricafort.com
• Gregory Draperi
  http://bit.ly/2cgn9gk
• Himanshu Mehta
  bit.ly/2bztlzH
• Iwo Graj
  CERT Orange Polska | schain.only.pl
• Jerold Camacho
  Invalid Web Security | jeroldcamacho.info
• John Page aka hyp3rlinx
  http://hyp3rlinx.altervista.org/
• Jose Carlos Exposito Bueno
  Researcher
• Jun Kokatsu
  KDDI Singapore Dubai Branch
• Kamran Saifullah
  Ch Mansab Ali | www.C-AtraX.com
• Karim Rahal
  @KarimPwnz
• Kaushik Roy
  bit.ly/1pHDbCm
• Mansoor Gilal
  fb.com/mansoor.gilal1
• Muhammad Mudassar Yamin
  http://bit.ly/2eAGhng
• Oliveira Lima JR
  rootlabs.com.br | @oliveiralimajr
• Quentin Kaiser
  @qkaiser
• Sachin Wagh
  @tiger_tigerboy
• SaifAllah benMassaoud
  Government Laboratory & Evolution Security GmbH
• Shawar Khan
  on.fb.me/1R5Lv4T
• Shehu Awwal
  www.shehuawwal.com
• Shivram Chouhan
  http://bit.ly/2fyqZAe
• Spyridon Chatzimichail
  OTE Hellenic Telecommunications Organization S.A
• Sumit Sahoo
  www.sumitsahoo.com
• Tayyab Qadir
  fb.me/tqMr.EditOr
• Travis Emmert
  bit.ly/1T6Io2Y
• Wayne Low
  FortiGuard Labs | @x9090
• YoKo Kho
  Mitra Integrasi Informatika, PT - Consulting & Advisory Svc. Dept. | @yokoacc
• Zawad Bin Hafiz
  www.sekafy.com
• Zeeshan
  fb.com/zeex.zeeshan

Disclosures for 2015

• AbderrazakYS
  on.fb.me/abderrazak.404
• Ahmed Adel Abdelfattah
  fb.me/00SystemError00
• Ahmed Jerbi
  on.fb.me/1fwQTTy
• Ali Hassan Ghori
  @alihasanghauri
• Ali Salem Saeed (Ali BawazeEer)
  bit.ly/1io8QF9
• Christian Galeone
  linkd.in/1UC8gT2
• Jayaram Yalla
  Individual
• John Page aka hyp3rlinx
  http://hyp3rlinx.altervista.org/
• k.karthickumar (Ramanathapuram)
  Individual
• Kevin Michael Joensen
  Secu A/S
• Khair Alhamad
  http://bit.ly/1Q9EC5P
• Konduru Jashwanth
  on.fb.me/1JUg0rd
• Lawrence Amer
  Individual
• Mohamed A. Baset
  Seekurity Inc.
• Mohamed Chamli
  on.fb.me/TnMcH
• Mohamed Khaled Fathy
  fb.me/Squnity
• Nathan Young
  E-Secure Australia
• Nithish M. Varghese
  on.fb.me/nithish.varghese
• Pradeep Kumar
  on.fb.me/pradeepch99
• Praveen Ananthoji
  Individual
• Ramin Farajpour
  @MF4rr3ll
• Roberto Zanga
  Individual
• Roy Jansen
  Individual
• SaifAllah benMassaoud
  on.fb.me/1Mj7Kpq
• Sajibe Kanti
  http://eesec.org
• Salman Khan
  Individual
• Saurabh Pundir
  on.fb.me/sauby007
• Shivam Kumar Agarwal
  on.fb.me/shivamkumar.agarwal.9
• Siddhartha Tripathy
  sg.linkedin.com/in/sidsg
• Sravan Kudikyala
  Individual
• Sumit Sahoo
  fb.me/54H00
• Vishwaraj Bhattrai
  on.fb.me/1Q0OmwQ

We would also like to thank the security researchers and organizations who wished not to be listed.

To report a potential security issue with any of Trend Micro Products, refer to this section: Report a Vulnerability.

Trend Micro's PSIRT is an active member of the following organizations: