Coordinated Vulnerability Disclosure Policy

Introduction

SolarEdge prioritizes the highest standards of cybersecurity to safeguard our customers, partners, and the broader solar energy industry. This commitment extends beyond protecting sensitive customer data; it encompasses securing our essential IT infrastructure that underpins our products, solutions, and services.

To achieve this goal, SolarEdge has implemented a comprehensive cybersecurity program that includes a robust cybersecurity team, secure development practices, regular security audits and penetration testing, and employee training.

SolarEdge is committed to continuous improvement in cybersecurity. We actively monitor cybersecurity trends, adopt industry best practices, and collaborate with security researchers to enhance our defenses. We believe that cybersecurity is not just a technical challenge but also a critical aspect of ensuring the safety and reliability of our solar energy solutions.

SolarEdge's Coordinated Vulnerability Disclosure Policy outlines the guidelines for reporting vulnerabilities, including:

  • Reports must be submitted using the official Vulnerability Reporting Form.
  • Reports must be submitted in good faith and must be accurate and complete.
  • Reporters will not be penalized for reporting vulnerabilities in good faith.

Our Coordinated Vulnerability Disclosure Policy (CVDP) provides clear and accessible guidelines for reporting suspected vulnerabilities in our systems. We welcome input from:

  • Security researchers and ethical hackers
  • Industry groups and organizations
  • CERTs and incident response teams
  • Our valued partners
  • Any individual who discovers and responsibly discloses legitimate cybersecurity vulnerabilities


Report

Upon receiving a vulnerability report, SolarEdge will promptly initiate an investigation and validate the issue. If a vulnerability is confirmed, it will be prioritized for remediation. SolarEdge will develop a patch or workaround to address the vulnerability and communicate with affected customers and partners regarding the vulnerability and the remediation process.

Advisories:
SEDG-2024-1

Contact Information

The Bug Bounty Program encourages cyber experts to communicate to SolarEdge any cyber security vulnerabilities they have uncovered and provide the Company with the opportunity to address such vulnerabilities before going public, in accordance with the terms of the program. SolarEdge offers rewards and monetary compensation for legitimate reports on cyber security threats following validation and verification. In accordance with our Responsible Disclosure Policy, SolarEdge will disclose these vulnerabilities after a stipulated period of time that first allows the Company to resolve them and thereby maintain the highest possible security of SolarEdge’s platforms and services for all stakeholders. Please submit reports using the official Vulnerability Reporting Form, and review the terms and conditions.

------------------------

The bug bounty program is suspended until 01/01/2025

Coordinated Vulnerability Disclosure is still possible through the form below.
