Report Potential Security Vulnerability

Symantec's commitment to information security

Note: For account-related issues, such as an alert you received or problems accessing your account, please use our Member Support Center.

Digital security threats continue to evolve and we welcome the responsible disclosure of potential bugs, security issues, or vulnerabilities to improve our security risk posture. To report a technical security issue, such as a vulnerability, please visit lifelock.responsibledisclosure.com.

Introduction

Symantec is committed to resolving security vulnerabilities in our products quickly and responsibly. We take the appropriate steps to minimize customer risk, provide timely information, and deliver vulnerability fixes and mitigations to address security threats in Symantec software, and in LifeLock product offerings.

As a founding member of the Organization for Internet Safety (OIS), Symantec is committed to following the Responsible Disclosure guidelines developed by OIS and described in ISO 29417 for externally reported vulnerabilities in Symantec products. These guidelines encourage open communication between finders and vendors, clarify responsibilities between parties, and protect individuals, enterprises, and internet infrastructure from exploitation whenever possible. We work closely with researchers who communicate vulnerabilities to us.

How to report a security vulnerability

To report a security vulnerability that impacts LifeLock products or services, please follow the below steps:

  1. Visit https://lifelock.responsibledisclosure.com.
  2. Create an account to sign in.
  3. Once you sign in, read the Terms of Service.
  4. Click “Get Started” to submit the vulnerability details, including but not limited to,
    • Vulnerability Description
    • Vulnerability Category
    • Vulnerability Location(s)
    • Validation Steps
    • Impact
  5. If available, please also provide files that provide additional vulnerability details.
  6. Once all required fields are completed, click “Submit”.
  7. The submitted vulnerability will be reviewed to verify the finding.
Mitigation and remediation of findings

If the submitted vulnerability is confirmed as valid, Symantec will move forward with providing remediation or mitigation of the issue depending on the type, severity, and impact.

Conclusion

Symantec is committed to addressing and resolving security vulnerabilities. We work with reporters to review, validate, and mitigate security issues that are reported pursuant to the responsible disclosure guidelines.

FREE

Free Identity Protection Guide when you sign up for LifeLock emails.

We use the information you provide in accordance with our privacy policy.