Chat with us
Establishing connection, please wait while we connect you.

Zebra Vulnerability Disclosure

Zebra has established a standard practice of seeking, communicating, and addressing product security issues in a timely fashion.  Vulnerability disclosure is a vital component to our Secure Through Partnership approach; enabling our customers to manage risk properly through awareness and guidance.  All Zebra products security bulletins and notifications are posted to the Zebra Security Alerts webpage.

1. Report

Zebra embraces vulnerability reports from security researchers, customers, third-party component vendors, and other external groups that want to report a vulnerability in a Zebra Product/Solution (VDP reporting page).

2. Triage

Zebra partners with the vulnerability reporter to investigate and confirm the vulnerability.  Once validated, Zebra’s vulnerability management team coordinates with Zebra product/solutions teams to determine the scope, severity, and appropriate actions needed to respond to the vulnerability.  

3. Coordinate

Zebra will perform a risk assessment and conduct validation and remediation planning, prior to notifying customers through one or more of the following methods:

  • LifeGuard Page
  • Release Notes
  • Third Party Support Bulletin
  • Product Marketing Bulletin 

4. Disclosure

Through coordinated vulnerability disclosure, Zebra publishes notifications to Security Alerts Page.  For maximum awareness, Zebra, as appropriate, will report vulnerabilities to MITRE to have a Common Vulnerabilities and Exposures (CVE) assigned.