Responsible Disclosure is an ethical method to report system vulnerabilities in our ICT system, which allows us sufficient time to identify and apply the appropriate countermeasures before these vulnerabilities might become public.
By following this method, the sender helps us to identify and resolve system flaws, thus providing a valuable and efficient contribution to increasing the security of ICT services and customers' data and avoiding damage or disruption to our systems.
Should customers, researchers or experts identify one or more vulnerabilities in any of the following environments:
they can send the information to Ferrari following the procedure laid out below.
The reporting person must avoid performing any activity that can either disrupt the impacted system or service or cause any data leakage/loss, limiting his/her use of the system/service to the minimum necessary and refraining from accessing data not strictly necessary to prove the existence of the vulnerability.
Specifically, whoever activates the procedure must send the information via email to responsible_disclosure@ferrari.com. Please include the following technical information:
Please observe strict secrecy on all information pertaining to the vulnerabilities discovered, and commit not to reveal any of it, entirely or partially, or make it available in any form to third parties without Ferrari's authorization.
Once a notice has been received, Ferrari is committed to following up as follows:
Below you will find some examples of vulnerability categories, which are considered eligible for publication in the Hall of Fame:
On the other hand, the following situations are not covered by this Responsible Disclosure initiative and therefore are not eligible for the Hall of Fame:
While carrying out your activities please respect the following rules:
We would like to thank all persons who make a responsible disclosure to us and recognize their valuable contribution in increasing the security of our products and services, for our benefit and for the benefit of our customers, by featuring those contributors in our Hall of Fame.
Ferrari reserves the right to update this Responsible Disclosure programme at any time.
If at any time you have questions about this programme, feel free to reach out to responsible_disclosure@ferrari.com.
This programme is based on guidance issued in 2022 by ENISA, available here: