Contact

Vulnerability Response and Disclosure

Security researchers, customers, vendors, and industry partners can report Xylem product security vulnerabilities to product.security@xylem.com. Xylem recommends that you encrypt confidential information sent to Xylem via email with PGP encryption; the Xylem PSIRT public key is available here.

Vulnerability Reporting

When reporting a vulnerability, please include the following information:

  • Product name and version
  • Description of the potential vulnerability
  • Any special configuration required to reproduce the issue
  • Step by step instructions to reproduce the issue
  • Proof of concept or exploit code, if available
  • Potential impact
  • Any other relevant information

Subscribe to our newsletter or receive notifications on Xylem Security Advisories