Chat with us
Loader
Establishing connection, please wait while we connect you.

The new and improved Support and Downloads pages are now live! You asked, and we listened. Visit the Support and Downloads Experience page to learn more about this update.

Zebra Vulnerability Disclosure

Zebra has established a standard practice of seeking, communicating, and addressing product security issues in a timely fashion.  Vulnerability disclosure is a vital component to our Secure Through Partnership approach; enabling our customers to manage risk properly through awareness and guidance.  All Zebra products security bulletins and notifications are posted to the Zebra Security Alerts webpage.

Email icon
1. Report
1. Report

Zebra embraces vulnerability reports from security researchers, customers, third-party component vendors, and other external groups that want to report a vulnerability in a Zebra Product/Solution (VDP reporting page).

Data analytics icon
2. Triage
2. Triage

Zebra partners with the vulnerability reporter to investigate and confirm the vulnerability.  Once validated, Zebra’s vulnerability management team coordinates with Zebra product/solutions teams to determine the scope, severity, and appropriate actions needed to respond to the vulnerability.  

Group of people icon
3. Coordinate
3. Coordinate

Zebra will perform a risk assessment and conduct validation and remediation planning, prior to notifying customers through one or more of the following methods:

  • LifeGuard Page
  • Release Notes
  • Third Party Support Bulletin
  • Product Marketing Bulletin 
Knowledge articles icon
4. Disclosure
4. Disclosure

Through coordinated vulnerability disclosure, Zebra publishes notifications to Security Alerts Page.  For maximum awareness, Zebra, as appropriate, will report vulnerabilities to MITRE to have a Common Vulnerabilities and Exposures (CVE) assigned.