Mitsubishi Electric has established the Mitsubishi Electric PSIRT (Product Security Incident Response Team) as an internal framework for responding to incidents related to the information security quality of our products and services, and is making company-wide efforts for improving the information security of our products and services.
Mitsubishi Electric PSIRT takes responsibility for widely collecting information related to vulnerabilities of products and services provided to customers, and swiftly taking countermeasures against discovered vulnerabilities, in cooperation with product design and production departments and service management departments. In addition, information related to vulnerabilities and countermeasures will be publicly disclosed to customers.
We will also promote the introduction of product designing and development methods to preclude vulnerabilities from being created during the stages before products and services are provided to customers, and will conduct necessary Product Security training to all the executives and employees involved in the development of products and services.
Mitsubishi Electric is certified as a CNA (CVE Numbering Authority) in the CVE (Common Vulnerabilities and Exposures) Program and authorized to assign CVE Identifiers (CVE IDs)* to vulnerabilities affecting products within our distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. This allows us to practice efficient vulnerability handling with external stakeholders.
* CVE ID is an identifier for vulnerabilities used internationally.