Product security is an ongoing challenge; the work is never done. At Dialog Semiconductor we recognize that a key element is having an effective process to receive, investigate and fix vulnerabilities identified by others.
The Dialog Product Security Incident Response Team (PSIRT) manages the process so that all potential product security issues, hardware and software, are properly received and addressed with appropriate urgency. For every issue, attention is given to communication through each stage of the process to closure.
How to report a suspected product vulnerability
If you become aware of a vulnerability and have reasonable concern that it could impact any Dialog product, please send an email to PSIRT@diasemi.com detailing your concerns. To enable a speedy and effective response, please ensure that all emails follow the guidelines below:
- All emails to be written in English
- Description of the potential vulnerability
- Reference to any specific end product you believe to be impacted by this vulnerability
- Reference to any official source, for example the National Vulnerability Database
- Reference to any specific Dialog product, IC and/or Software Development Kit (SDK)
- Contact details: name, role & organization
Please understand that the PSIRT@diasemi.com email address is for reporting potential security vulnerability issues only; it is not for general questions related to product security. If we receive emails that are not related to a potential vulnerability, we will reply or redirect your email accordingly.
About Dialog’s PSIRT
The Dialog PSIRT is the point of contact for all who have a concern regarding a potential product security issue. The PSIRT will ensure that all reports are quickly directed to the appropriate product teams and that the formal incident process is followed. The PSIRT guides all issues through to closure and will keep the reporter informed of the progress and outlook for each stage in the process.
The Dialog Security Incident Process
The Dialog process conforms to standard industry practices and can be divided into 5 distinct stages:
Intake ➡︎ Triage ➡︎ Analysis ➡︎ Fixes ➡︎ Lessons learned
To ensure common understanding, the PSIRT will provide further explanation of each stage of the process to the reporter for all active incidents.
Below is a list of confirmed vulnerability incidents with a link to the report and product mitigations.
| | SweynTooth Vulnerability | 28 Feb 2020 |
| LPC#4 | Non-compliance to hopIncrement in Bluetooth specification | 02 July 2020 |