My IBM Log in

Security vulnerability management

Learn how IBM addresses security and AI vulnerabilities in its products and websites
Product Security Incident Response Team (PSIRT)

Product Security Incident Response Team (PSIRT)

IBM PSIRT is the centralized process for reporting potential IBM security and AI vulnerabilities. IBM Secure Engineering practices were designed to help IBM act in a timely fashion on reported issues affecting products or solutions. To protect customers, IBM does not disclose or confirm vulnerabilities until an analysis is complete, and fixes or mitigations are issued.

A global team manages the investigation of vulnerability information related to all IBM products and websites. With the product teams, they identify appropriate responses, ensuring communication between all involved parties. The PSIRT process is risk-based and influenced by the FIRST framework: Discovery, Triage, Remediation, Disclosure.
Vulnerability reporting

Vulnerability reporting

Report potential security and AI vulnerabilities in IBM products and websites, protected by IBM Safe Harbor Policy, using the reporting methods available in this section.

 Technical support

Clients and users can report any potential vulnerabilities discovered in IBM products

 Hackerone.com/IBM

Third-party researchers and other security entities can report potential vulnerabilities in IBM products or websites

 Email IBM

Report product vulnerabilities by email to IBM. Use the IBM PGP public key to encrypt email if necessary.

 Anonymous reporting

Report product or website vulnerabilities via an anonymous form
Security notifications

Security notifications

Get access to IBM Security Bulletins, Common Vulnerabilities and Exposures, critical software updates, and notices on potential security threats to IBM products and services.
Overview of IBM Security Bulletins

IBM communicates security vulnerabilities via bulletins or targeted methods, ensuring analysis before public disclosure.

 Learn more
Review IBM Security Bulletins

Find all Common Vulnerabilities and Exposures affecting IBM products in our CVE Database in a search form.

 Review vulnerabilities
Subscribe to IBM Security Bulletins

Sign up for My Notifications to receive critical IBM software updates and proactively prevent issues.

 Sign up
IBM Z and LinuxOne Security Portal

The IBM System Integrity Statement reflects decades of trust and commitment in IBM Z and LinuxOne platforms.

 Read statement
IBM Cloud Security Bulletins

View notices regarding potential security threats that might affect IBM Cloud platform and services.

 View notices
Overview Annual report Corporate social responsibility Inclusion@IBM Financing Investor Newsroom Security, privacy & trust Senior leadership Careers with IBM Website Blog Publications Automotive Banking Consumer Goods Energy Government Healthcare Insurance Life Sciences Manufacturing Retail Telecommunications Travel Our strategic partners Find a partner Become a partner - Partner Plus Partner Plus log in IBM TechXChange Community LinkedIn X Instagram YouTube Subscription Center Participate in user experience research Podcasts United States — English Contact IBM Privacy Terms of use Accessibility