Vulnerability disclosure policy

Toshiba Group collects information about vulnerabilities in our products and services, and evaluates their impact and risk based on the Information Security Early Warning Partnership*1 so that customers can continue using them without any concerns. When customers need to do anything to reduce cybersecurity risk, we will disclose information about the vulnerabilities and how to fix them at an appropriate time on our website, the Japan Vulnerability Notes (JVN*2) portal site, etc. In cases where a specific customer might be affected with regard to a social infrastructure product or service, we will contact the customer directly through our sales representative, etc.

*1 Information Security Early Warning Partnership (IPA)

*2 Japan Vulnerability Notes (JVN)