Introduction
SolarEdge prioritizes the highest standards of cybersecurity to safeguard our customers, partners, and the broader solar energy industry. This commitment extends beyond protecting sensitive customer data; it encompasses securing our essential IT infrastructure that underpins our products, solutions, and services.
To achieve this goal, SolarEdge has implemented a comprehensive cybersecurity program that includes a robust cybersecurity team, secure development practices, regular security audits and penetration testing, and employee training.
SolarEdge is committed to continuous improvement in cybersecurity. We actively monitor cybersecurity trends, adopt industry best practices, and collaborate with security researchers to enhance our defenses. We believe that cybersecurity is not just a technical challenge but also a critical aspect of ensuring the safety and reliability of our solar energy solutions.
SolarEdge's Coordinated Vulnerability Disclosure Policy outlines the guidelines for reporting vulnerabilities, including:
- Reports must be submitted using the official Vulnerability Reporting Form.
- Reports must be submitted in good faith and must be accurate and complete.
- Reporters will not be penalized for reporting vulnerabilities in good faith.
Our Coordinated Vulnerability Disclosure Policy (CVDP) outlines the clear and accessible guidelines for reporting suspected vulnerabilities in our systems. We welcome input from:
- Security researchers and ethical hackers
- Industry groups and organizations
- CERTs and incident response teams
- Our valued partners
- Any individual who discovers and responsibly discloses legitimate cybersecurity vulnerabilities
Report
Upon receiving a vulnerability report, SolarEdge will promptly initiate an investigation and validate the issue. If a vulnerability is confirmed, it will be prioritized for remediation. SolarEdge will develop a patch or workaround to address the vulnerability and communicate with affected customers and partners regarding the vulnerability and the remediation process.
Advisories:
SEDG-2024-1
Contact Information
The Bug Bounty Program encourages cyber experts to report any cybersecurity vulnerabilities they have discovered to SolarEdge, providing the Company an opportunity to address these issues before they are made public. However, at this time, SolarEdge is not offering monetary compensation or rewards for reports submitted through the program. The Company remains committed to addressing vulnerabilities in line with our Responsible Disclosure Policy, and will resolve any reported issues to maintain the highest security standards for SolarEdge platforms and services. Please ensure you submit reports using the official Vulnerability Reporting Form and review the terms and conditions.
------------------------
Coordinated Vulnerability Disclosure is still possible through the form below.