You are here

Report Security Vulnerabilities | Cypress Semiconductor

Report Security Vulnerabilities

Cypress takes security very seriously. If you have identified a security vulnerability in any Cypress product or system, please contact us immediately at psirt@cypress.com. We would like to hear from you and acknowledge your contribution to improving our products!

Security and vulnerability information is extremely sensitive. We request that you encrypt your email using the PSIRT PGP/GPG key below.

PGP/GPG Key

  • Fingerprint: 4283 B83A F283 571B 9487 C5F7 D319 9A8C 3AB4 636C
  • PGP/GPG key: Key

You can download PGP/GPG software to encrypt your email from GnuPG (free).

For maximum security, only download the key from this page. Keys downloaded from other sites may be prone to tampering.

Frequently Asked Questions

Q. What constitutes a security vulnerability?

A. A security vulnerability is a computer-system weakness that can be exploited to perform unauthorized actions.

Q. When reporting a security vulnerability, what information should I provide?

A. To report a security vulnerability in Cypress products or systems, please send an email to psirt@cypress.com. Please specify how you encountered the problem, what products were used, the dates they were purchased, and provide any other relevant details. For technical support, please visit the Cypress Developer Community.

Q. How soon after reporting a vulnerability can I expect a response from Cypress?

A. You should receive an immediate automated response acknowledging receipt of your email. The Cypress response team will then follow up with you within 24-72 hours.

We Appreciate your Support

Security threats are constantly changing and evolving, and Cypress is committed to continuously improving its security strategy. We appreciate your support in helping us to build secure solutions for our customers and partners.