Who is a Vendor?

As software and computers find their way into more and more industries, more and more vendors find themselves becoming software vendors. Aside from the traditional software companies, we are seeing other industries such as:

  • consumer devices, such as internet modems, routers, and the internet of things (IoT) home automation
  • internet providers
  • cell phone manufacturers, and carriers
  • HVAC manufacturers
  • industrial control systems, including building automation
  • energy industry, including growth of "smart energy"
  • airline industry
  • automotive industry
  • medical devices and health devices manufacturers

Any company or organization that provides a product that relies on a computer or software is referred to as a vendor, even if your company doesn't directly make the computer or software components used by your products.

If you are producing products that rely on computers and software, you need to begin taking action now to have appropriate processes and response. The CERT/CC can help with that. The links provided below and at the left will provide some guidance on taking that action and working with us.


Guidance Overview

Please update your contact information with us by checking the Updating Vendor Contact Information page. See Sending Sensitive Information for our PGP key and further guidance on using PGP.

If you've received a notification from us, first, our Verifiying a CERT/CC Notification Message page will provide information on how to verify you have received a real notification from us. Then, please see our Working with the CERT/CC page will provide information on what we expect.

If you'd like to set up a security team at your organization to handle vulnerability reports and coordination and disclosure, please see Standards and Best Practices for Vulnerability Coordination and Disclosure.