Contact Insyde

Report a BIOS or BMC Security Issue

Disclosure and Embargo Policy

If you believe you have found a vulnerability in an Insyde Software product, we encourage you to report the details to us. We will assign a member of our Office of Security and Trust to work with you during this process. We will acknowledge the report and give guidance on our future actions.

We will review your report and investigate the impact on our code. Usually within 7 business days, we will respond with the results of our studies. As a supplier, we provide services to many levels of the supply chains for complex products across many different industries. We request that you give us a minimum of 90 days to coordinate a disclosure plan with our partners. If the report leads to a public disclosure, this team member will provide the CVE ID to you with attribution if you desire. We thank you for your cooperation.

If you have information about a security issue or vulnerability with a product that may involve Insyde’s BIOS or BMC firmware, use Insyde Software’s SRT public PGP key (provided below) to send an encrypted e-mail and verify that security e-mails from Insyde Software are genuine.

Please send e-mails to security.report@insyde.com

Please provide as much information as possible, including:
  • The products and versions affected
  • Detailed description of the vulnerability
  • Steps to demonstrate the vulnerability or reproduce the exploit, including specific configurations or peripherals, if relevant
  • Potential impact of the vulnerability, when exploited
  • Information on known exploits

Thank you for reporting your findings!

—–BEGIN PGP PUBLIC KEY BLOCK—–
Comment: User-ID: Insyde Software Security Report <security.report@insyde.com>
Comment: Created: 9/1/2022 10:08 AM
Comment: Expires: 1/1/2027 12:00 PM
Comment: Type: 255-bit EdDSA (secret key available)
Comment: Usage: Signing, Encryption, Certifying User-IDs, SSH Authentication
Comment: Fingerprint: 8F09A3D2C5450556223C12119B2465EC39F45B40</security.report@insyde.com>

mDMEYxDm9RYJKwYBBAHaRw8BAQdALO583damFI+MWLBuRxSv7Q6yu+y1zLkyjX2/dByuuVq0PEluc3lkZSBTb2Z0d2FyZSBTZWN1cml0eSBSZXBvcnQgPHNlY3VyaXR5LnJlcG9ydEBpbnN5ZGUuY29tPoiZBBMWCgBBFiEEjwmj0sVFBVYiPBIRmyRl7Dn0W0AFAmMQ5vUCGyMFCQgnHssFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQmyRl7Dn0W0DWZAEAurvMEDAa67IGxDCVfD/Z26H5bnPtC5bwx5mtmmLFXVwA/RplQoahxpXEZmVEiyS7H/ZJFlKO9ZENxIHIw/vOPCwCuDgEYxDm9RIKKwYBBAGXVQEFAQEHQGt8IwmBBGAodUZYMCx9plrcGpn/wQP4izecjyuicwN8AwEIB4h+BBgWCgAmFiEEjwmj0sVFBVYiPBIRmyRl7Dn0W0AFAmMQ5vUCGwwFCQgnHssACgkQmyRl7Dn0W0BdTQD/YFG0tjfbDrm/zz+tZ6Mb1ulAIbXdThpC5nFBXve/h14A/jdXkvHStRPrSkh1h4GFJMjw3rFa3SvM+fE17evaH78I=4ro7
—–END PGP PUBLIC KEY BLOCK—–