HOW TO REPORT A STIHL VULNERABILITY

Why is it important to report vulnerabilities?

At STIHL, we take the security of our systems and data seriously. We recognise the importance of collaboration with customers, security researchers and members of the broader community to identify and address potential vulnerabilities.

This policy applies to all systems, software, products, and infrastructure owned or operated by Andreas Stihl Limited.  

How to make a report

1. Gather relevant information

When reporting a vulnerability, please include the following information:

  • Item number of the affected product
  • Type of vulnerability
  • Vulnerable component and version
  • CVE-ID or CWE-ID, if available

Please do not send us sensitive information that could be used to exploit the vulnerability. After the initial contact we will provide you with a secure communication channel to upload and share further information.

2. Submit your report

To report a vulnerability, please send an email to security@stihl.com.

Please use a descriptive subject line, such as "Security Vulnerability Report," and provide the information mentioned above in your email.

3. Response and collaboration

After submitting your report, our security team will review it and send an acknowledgement within 7 days. We will work on your report to verify and address the vulnerability. If necessary, we will share a secure communication channel with you to gather further information. We will update you at least every four weeks by email until the issue is resolved.

Contact us

For general inquiries or assistance, please contact us at enquiries@stihl.co.uk.

Data Privacy

To learn more about the basis on which personal data is processed, please read this Privacy Notice.