Vulnerability Responses
Trend Micro endeavors to develop and release products that meet the highest standards of quality and security. However, there are rare occasions where an unintended vulnerability may be discovered due to various reasons, including new types of exploits that may be developed after the release of a product.
We take and investigate every vulnerability report very seriously and we are committed to thoroughly resolving any issues in a timely manner. Trend Micro follows the guidelines of responsible disclosure to ensure its customers address potential vulnerabilities as quickly as possible to mitigate associated risks.
Vulnerability Definition
A Security Vulnerability is defined as a weakness or flaw found in a product or related service component(s) that could be exploited. It may allow an attacker to compromise the product's integrity. At the same time, it may undermine the regular behavior of the product even when properly deployed in supported configuration. This includes situations wherein the confidentiality (e.g. source code) of a product or service component(s) may be negatively affected.
Traditional product bugs and malware can also negatively affect the operation of a product. However, for the purpose of this process, these are not included in the definition of a security vulnerability.
Trend Micro highly recommends that security researchers contact Trend Micro's Product Security Incident Response Team (PSIRT) by sending an email to security@trendmicro.com.
- Submitters are encouraged to utilize Trend Micro’s Product Security PGP key (Key ID: 08FF-B553-F625-033A) to encrypt sensitive information sent to this address.
- A Trend Micro PSIRT Vulnerability Coordinator will acknowledge the receipt of the submission and then begin the process of collaborating with the submitter and Trend Micro product security engineers on validating, reproducing, and ultimately resolving the potential issue if it is confirmed to be a legitimate security vulnerability.
- Trend Micro's goal is to resolve confirmed vulnerabilities as quickly and thoroughly as possible, then efficiently distribute the resolution to affected customers.
- Since each vulnerability is unique, the time frames in which they are addressed can vary. Ongoing dialog is highly encouraged to best understand the vulnerability and possible risks.
- Responsible security researchers understand that customer security is a priority. This means customers are given ample time to deploy the fixes before any findings are released on a public forum, blog, or social media platform.
- If necessary, Trend Micro will release a security bulletin when a fix or mitigation is publicly available and will work with submitters on coordinated disclosures (if desired).
- Security bulletins will typically include CVE assignments if the vulnerability meets the necessary criteria, and Trend Micro is the recognized CVE Numbering Authority (CNA) issuer for CVEs that are attributed to Trend Micro products.
Trend Micro would like to thank the following security researchers and organizations for working with us to resolve one or more security vulnerabilities in our products and services. The names of individuals or organizations listed below have disclosed one or more security vulnerabilities and have actively worked with Trend Micro engineers to resolve these vulnerabilities.
The names of individuals and organizations appear below with their permission.
Disclosures for 2022
- Ahmed Abdul Rahman: https://www.linkedin.com/in/ahmed-rahman-6b27b8224
- Amaranath Moger: https://www.linkedin.com/in/amaranath-moger/
- changyi (常亦), 3imple0ne(何文杰): changyioo63@163.com
- Goutham A S: https://www.linkedin.com/in/goutham-a-s-279992164/
- Jebarson Immanuel: https://www.linkedin.com/in/jebarson-immanuel/
- Nikhil Rane: https://www.linkedin.com/in/nikhil-rane-31733a217
- Ramansh Sharma: https://www.linkedin.com/in/ramansh-sharma/
Disclosures for 2021
- 4n_curze (Ankur Vaidya): https://twitter.com/4N_CURZE
- Arshad. U: https://www.linkedin.com/in/arshad-u-7a7045207
- Ashwin Suresh: https://www.linkedin.com/in/ashwin-suresh-2018
- Bao Chau (CyRadar): https://www.linkedin.com/in/nhubaochau/
- blacksolo: https://twitter.com/MBlacksolo
- Cuong Van Bui (VNCERT/CC): https://nsbvc.blogspot.com/
- Edgar Carrillo Egea: Twitter - @ecarrilloeg
- Foysal Ahmed Fahim: https://twitter.com/foysal1197
- Gaurang Maheta: https://www.linkedin.com/in/gaurang883
- Gourab Sadhukhan: https://www.linkedin.com/in/gourab-sadhukhan-71158216a
- Harinder Singh (S1N6H): https://www.linkedin.com/in/lambardar/
- Haris Ashraf: https://www.linkedin.com/in/harisashraf1/
- Hieu Tran Nam: https://www.linkedin.com/in/hieu-tran-nam-a17a8953
- Honc (章哲瑜): honcbb@gmail.com
- Husain Murabbi (cyber_humans): https://www.linkedin.com/in/husain-murabbi-cyberhumans/
- Ivan Šincek (Offensive Security Engineer): https://github.com/ivan-sincek
- Jaaziel Sam Carlos - Security Professional: https://www.linkedin.com/in/jaaziel-carlos
- Joël Ettinger: https://www.linkedin.com/in/joelettinger/
- Johnatan Camargo: @johnk3r
- Julien REYNAUD: Accor - Security Project Manager
- Kartik Khurana: https://www.linkedin.com/in/kartik-khurana-878739175/
- Khan Jnany: https://twitter.com/Reboot_Ex
- Mansoor Rangwala (cyber_humans): https://www.linkedin.com/in/mansoor-rangwala-cyberhumans/
- Marcos Nocetti: www.marcosnocetti.com
- Movitz Sunar: https://www.linkedin.com/in/movitz-sunar-12512b16a
- Omar Mahmoud: https://www.linkedin.com/in/omar-mahmoud-58290311b/
- Parasect: https://github.com/Parasect-Team
- Parth Srivastava (Protiviti India Member Private Limited): https://www.linkedin.com/in/parth-srivastava-2186587a
- Pooja Premchand Jaiswal: https://www.linkedin.com/in/pooja-jaiswal-54797b166/
- Ranjit Adhikari: https://twitter.com/RanjitAdhikar34
- Richard Davy – ECSC Group: richard.davy@ecsc.co.uk
- Roman Chekhov / Yawergam: http://linkedin.com/in/roman-chekhlov-81b42b152
- Sanjok Karki (TheSanjok): https://linkedin.com/in/sanjokkarki
- Sanyam Chawla: https://www.linkedin.com/in/sanyam-chawla-a6344b1a0/
- Sepehr chegeni (morningst4r): Twitter - @Homelesscyber
- Shreyal Jain: https://www.linkedin.com/in/shreyal-jain-123360192
- Shuvam Adhikari: https://twitter.com/WHOISshuvam
- Siddharth Parashar: https://www.linkedin.com/in/siddharth-parashar-b2a21b1b5/
- Wasi Junaidi: https://www.linkedin.com/in/wasi-junaidi-20579291/
- Xavier DANEST - Decathlon: http://sustainability.decathlon.com/
Disclosures for 2020
- Ai Ho (@j3ssiejjj): https://linkedin.com/in/ai-ho-0525a710b/
- Arno Tsai: caiarno777@gmail.com
- Astroicers (陳齊修): azz093093.830330@gmail.com
- bbbbohman: bbbbohman@gmail.com
- BugStrix Team: https://bugstrix.com
- Chi Tran: https://ctrsec.io
- Dhanumaalaian.R: https://www.linkedin.com/in/dhanumaalaian-r-b34338189/
- Duelim-Noth (沈彧璿): https://twitter.com/Noth72013441
- Faisal Mehmood: https://www.linkedin.com/in/faisal-mehmood-3aa929197
- Hoang Quoc Thinh (@g4mm4): https://cyberjutsu.io
- Honc (章哲瑜): honcbb@gmail.com
- Hou JingYi (@hjy79425575): qihoo 360 CERT
- Hzllaga (宋昕岳): hzllaga@gmail.com
- Jaaziel Sam Carlos: https://www.linkedin.com/in/jaaziel-carlos
- Jacob G. Deniega: https://www.facebook.com/deniegajacob
- Johnatan Camargo: www.linkedin.com/in/johnatancamargo
- Lasse Trolle Borup: Danish Cyber Defence
- Julien Cretel (@jub0bs): Blog - https://jub0bs.com | Twitter - https://twitter.com/jub0bs
- Marco Altenseuer, SPIRIT/21 GmbH: https://www.spirit21.com
- Mark Jadek: Blog - https://medium.com/@mase289 | Twitter - https://twitter.com/mase289
- Miguel Santareno: https://www.linkedin.com/in/miguelsantareno
- Mohammad Hosein Askari: https://www.linkedin.com/in/mohammadhoseinaskari
- Muhammad Usman: https://www.linkedin.com/in/muhammad-usman-05711b126/
- Noth (沈彧璿): zxc7528064@gmail.com/
- Pankaj Kumar Thakur (Nepal): https://twitter.com/Nep_1337_1998
- Paras Arora: CEO & Founder PAC Security LLP (https://www.linkedin.com/in/parasarora06)
- Pritam Mukherjee: https://www.linkedin.com/in/pritam-mukherjee-urvil-b75ab9b9/
- Raphael Karger: https://www.linkedin.com/in/raphael-karger
- Si Thu: https://www.facebook.com/sithu.1993/
- Sumit Grover: https://twitter/sumgr0
- Talha Saeed: fb.com/talhasaeed226
- Vikas Rawat: https://www.linkedin.com/in/vikas-rawat-366640131
- Wai Yan Aung: @waiyanaun9
- Xavier DANEST - Decathlon: http://sustainability.decathlon.com/
Disclosures for 2019
- Aditra Andri Laksana: https://twitter.com/Wayc0de
- Arif Khan: https://twitter.com/payloadartist
- Asim Mahmood: Security Researcher
- Athul Jayaram: Security Researcher
- Attila Marosi-Bauer: Hacktivity Lab
- Ben Leonard-Lagarde: Security Researcher
- BlackSpace 黑杜科技: https://blackspace.com.tw
- Cody Ward: Risker Cyber Security & Finance
- Dhiraj Mishra: @RandomDhiraj
- Fabergé: hackerone.com/faberge
- Harsh Joshi: https://www.linkedin.com/in/harsh-joshi-107397160
- Honc (章哲瑜): honcbb@gmail.com
- Jaaziel Sam Carlos: https://www.linkedin.com/in/jaaziel-carlos
- Jhang Jhe Yu: Security Researcher
- Joel Verghese (KrizzSK): https://mobile.twitter.com/joelverghese1
- John Page aka hyp3rlinx: http://hyp3rlinx.altervista.org/
- Johnatan Camargo from PBI | Dynamic IT Security: www.linkedin.com/in/johnatancamargo
- Kamal Elsayed Hussein: https://www.linkedin.com/in/kamalinux
- Kushagra Pathak: https://twitter.com/xKushagra
- Lacroute Serge: https://www.linkedin.com/in/serge-lacroute-677a3b134/
- Mart Gil Robles: Pinoy Security Researcher
- Mohamed Fadel Khaled Bakir Ali: fb.me/CPUKi11er
- Muhammad Osama: https://www.linkedin.com/in/muhammad-osama-5a51a9bb
- Nafiez: https://twitter.com/zeifan (@zeifan)
- Oliveira Lima Jr.: Rootlabs
- Pankaj Kumar Thakur (Nepal): https://twitter.com/Nep_1337_1998
- Ronak Nahar: https://www.linkedin.com/in/naharronak/
- Sameer Phad (@sameerphad72): twitter.com/sameerphad72
- Silton (Tempest Security Intelligence): https://www.tempest.com.br/
- Shady Gamal: HOF
- Trần Văn Khang (aka Khang Kì Tổ): Infiniti Team, VinCSS (a member of Vingroup)
- Thurein Soe: @NyaMeeEain87
- Wai Yan Aung: @waiyanaun9
- Xavier DANEST - Decathlon: http://sustainability.decathlon.com/
- Youssef A. Mohamed (GeneralEG): https://generaleg0x01.com
- Zach Edwards: https://www.victorymedium.com
- Zeel D. Chavda: https://twitter.com/ChavdaZeel
- 韶 (8/29): Taiwan Security Researcher
Disclosures for 2018
- Abdulkadir Mutlu: https://akmsoftware.co.uk
- Abdullah H. AlJaber (@al_jaber): http://AJ.SA
- Amr Salah: https://www.linkedin.com/in/Amr-Salah-K
- Arın Doruk Çelikel: https://www.linkedin.com/in/adcelikel/
- Athul Jayaram: http://athuljayaram.com
- B.Dhiyaneshwaran: https://www.linkedin.com/in/dhiyaneshwaran-b-27947a131/
- Black Space (黑杜科技): https://blackspace.com.tw
- Chieh Yu: @welkineins
- Dan Fabro: https://www.twitter.com/0x61_
- Dinesh Manoharan: fb.com/DinaHkr
- Geethu Sivakumar: CEO, Pace Hitech | www.pacehitech.com
- Gehan Kaushal: https://www.linkedin.com/in/gehan-kaushal-563ab2159/
- Hassy Vinod: https://www.linkedin.com/in/hassy-vinod/
- HeinHtetAung(UCSMGY): fb.com/mamakochitdl
- Honc (章哲瑜): honcbb@gmail.com
- Honc (陳逸璋): server@blackspace.com.tw
- İsmail Şentürk: https://www.linkedin.com/in/ilsen/
- Jaaziel Sam Carlos: https://www.linkedin.com/in/jaaziel-carlos/
- Jhang Jhe Yu: Security Researcher
- Jithin D Kurup: https://www.linkedin.com/in/jithin-d-kurup-77b616142
- Kağan IŞILDAK: @kaganisildak, Gais Security
- Kdiag Haci: Taiwan No.1
- Ketan Madhukar Mukane: fb.com/eSecHax0r | https://bit.ly/2DfnZs5
- M. Eren Buyru: https://tr.linkedin.com/in/eren-buyru-794475b2
- Macall Salugsugan: Individual
- Michael Bailey: FLARE Team at Mandiant, a FireEye Company
- Muhammad Uwais: https://twitter.com/muhd_uwais_
- Noriaki Iwasaki: Cyber Defense Institute, Inc.
- Onc 章 - 張書豪: @honcbb
- Pranshu Tiwari: https://www.linkedin.com/in/pranshu-tiwari-b5759b158
- Phong Tran (nekard): https://www.linkedin.com/in/phongtnq/
- Rasheed T: fb.com/rasheedt0
- Ratnadip Gajbhiye (Mr.Ch4rLi3): fb.com/Mr.Ch4rLi3v
- Rehan Arain: fb.com/sunny.arain1
- Remesh Ramachandran: www.remeshr.com
- Rico A. Silvallana: Security Researcher
- Ryan Warns: FLARE Team at Mandiant, a FireEye Company
- S Naveen Kumar: https://www.linkedin.com/in/naveen-kumar-s-24076510b
- Suhas Sunil Gaikwad: https://www.twitter.com/IamSuhasGaikwad
- Syed Sohaib Karim: http://linkedin.com/in/syedsohaibkarim
- Wai Yan Aung: @waiyanaun9
- Wen Bin Kong: https://www.linkedin.com/in/kongwenbin | @kongwenbin
- ZHANG ZHE YU: Houbi Dist.
Disclosures for 2017
- Aaron Devaney: https://twitter.com/dodekeract
- Adesh Nandkishor Kolte: GPJalgaon
- Ahsankhan: fb.com/anonymouq
- Alec Blance: fb.com/anonymouq
- Arbin Godar: https://arbin.io/
- Bart Leppens: Individual
- Black Space (黑杜科技): https://blackspace.com.tw/
- Dinesh Manoharan: fb.com/DinaHkr
- Eliran Itzhak: http://bit.ly/2p3mNAf
- Florian Charbonneau: http://bit.ly/2qGGBcR
- Gamiel Xavier V. Manbiotan: fb.com/Yokairenki
- Geethu Sivakumar: CEO, Pace Hitech | www.pacehitech.com
- Himanshu Mehta: https://in.linkedin.com/in/himanshumehta21
- Himanshu Rahi: Individual
- Ho_nc(章哲瑜): http://bit.ly/2whbve4
- Honc (章哲瑜): honcbb@gmail.com
- Honc - 章哲瑜: https://twitter.com/honcbb
- John Carroll: Https://ctus.io/
- Jolan Saluria: fb.com/jlnslr
- Khair Alhamad: twitter.com/Khair_Alhamad
- Mahmoud Abdelmonem: https://www.linkedin.com/in/mahmoudmohammed/
- Md. Nur A Alam Dipu: fb.com/nuraalam.dipu2
- Mohammed Israil: fb.com/VillageLad
- Muhammad Osama: http://bit.ly/2l5Yq3i
- Natanmai Deepak Sundararajan: (K.L.N.C.I.T)
- Pal Patel: https://www.linkedin.com/in/pal434/
- Peter Lapp: https://www.linkedin.com/in/lappsec
- Pratik Luhana: https://in.linkedin.com/in/pratik-luhana-69b403105
- Richard Alviarez: twitter.com/queseguridad
- Sadik Shaikh: https://www.extremehacking.org
- Suvadip Kar: https://suvadipkar.com
- Suyog Palav: http://bit.ly/2qL0Ylv
- Trí Cao Hơn Núi: Con cháu của Nùng Trí Cao
- Vasim Shaikh: https://www.linkedin.com/in/vasim-shaikh-094507110
- Vineet Kumar: http://bit.ly/2h4JMoy
- Wai Yan Aung: @waiyanaun9
- Zawad Bin Hafiz: http://bit.ly/2wYPWfo
Disclosures for 2016
- Amine Hm: fb.me/AMiN3.HM
- Aniket Pawar: bit.ly/1XJetMT
- Armaan Pathan: on.fb.me/204Vmgh
- Ashutosh Barot: www.ashutoshbarot.com
- Center of Information Security, Kyrgyzstan: https://cis.kg
- Emad Abou Shanab: fb.me/red.heart.56679 | @Alra3ees
- Evan Ricafort: Invalid Web Security | www.evanricafort.com
- Gregory Draperi: http://bit.ly/2cgn9gk
- Himanshu Mehta: bit.ly/2bztlzH
- Iwo Graj: CERT Orange Polska | schain.only.pl
- Jerold Camacho: Invalid Web Security | jeroldcamacho.info
- John Page aka hyp3rlinx: http://hyp3rlinx.altervista.org/
- Jose Carlos Exposito Bueno: Researcher
- Jun Kokatsu: KDDI Singapore Dubai Branch
- Kamran Saifullah: Ch Mansab Ali | www.C-AtraX.com
- Karim Rahal: @KarimPwnz
- Kaushik Roy: bit.ly/1pHDbCm
- Mansoor Gilal: fb.com/mansoor.gilal1
- Muhammad Mudassar Yamin: http://bit.ly/2eAGhng
- Oliveira Lima JR: rootlabs.com.br | @oliveiralimajr
- Quentin Kaiser: @qkaiser
- Sachin Wagh: @tiger_tigerboy
- SaifAllah benMassaoud: Government Laboratory & Evolution Security GmbH
- Shawar Khan: on.fb.me/1R5Lv4T
- Shehu Awwal: www.shehuawwal.com
- Shivram Chouhan: http://bit.ly/2fyqZAe
- Spyridon Chatzimichail: OTE Hellenic Telecommunications Organization S.A
- Sumit Sahoo: www.sumitsahoo.com
- Tayyab Qadir: fb.me/tqMr.EditOr
- Travis Emmert: bit.ly/1T6Io2Y
- Wayne Low: FortiGuard Labs | @x9090
- YoKo Kho: Mitra Integrasi Informatika, PT - Consulting & Advisory Svc. Dept. | @yokoacc
- Zawad Bin Hafiz: www.sekafy.com
- Zeeshan: fb.com/zeex.zeeshan
Disclosures for 2015
- AbderrazakYS: on.fb.me/abderrazak.404
- Ahmed Adel Abdelfattah: fb.me/00SystemError00
- Ahmed Jerbi: on.fb.me/1fwQTTy
- Ali Hassan Ghori: @alihasanghauri
- Ali Salem Saeed (Ali BawazeEer): bit.ly/1io8QF9
- Christian Galeone: linkd.in/1UC8gT2
- Jayaram Yalla: Individual
- John Page aka hyp3rlinx: http://hyp3rlinx.altervista.org/
- k.karthickumar (Ramanathapuram): Individual
- Kevin Michael Joensen: Secu A/S
- Khair Alhamad: http://bit.ly/1Q9EC5P
- Konduru Jashwanth: on.fb.me/1JUg0rd
- Lawrence Amer: Individual
- Mohamed A. Baset: Seekurity Inc.
- Mohamed Chamli: on.fb.me/TnMcH
- Mohamed Khaled Fathy: fb.me/Squnity
- Nathan Young: E-Secure Australia
- Nithish M. Varghese: on.fb.me/nithish.varghese
- Pradeep Kumar: on.fb.me/pradeepch99
- Praveen Ananthoji: Individual
- Ramin Farajpour: @MF4rr3ll
- Roberto Zanga: Individual
- Roy Jansen: Individual
- SaifAllah benMassaoud: on.fb.me/1Mj7Kpq
- Sajibe Kanti: http://eesec.org
- Salman Khan: Individual
- Saurabh Pundir: on.fb.me/sauby007
- Shivam Kumar Agarwal: on.fb.me/shivamkumar.agarwal.9
- Siddhartha Tripathy: sg.linkedin.com/in/sidsg
- Sravan Kudikyala: Individual
- Sumit Sahoo: fb.me/54H00
- Vishwaraj Bhattrai: on.fb.me/1Q0OmwQ
We would also like to thank the security researchers and organizations who wished not to be listed.
To report a potential security issue with any of Trend Micro's products, refer to this section: Report a Vulnerability.
Trend Micro's PSIRT is an active member of the following organizations:
Organization | Role | Website |
---|---|---|
CVE | Trend Micro is the primary CVE Numbering Authority (CNA) for issuing CVEs for vulnerabilities in Trend Micro Products. | CVE - CVE Numbering Authorities (mitre.org) |
FIRST | Trend Micro PSIRT is a member of Forum of Incident Response and Security Teams (FIRST). | FIRST Teams |