Purpose of the Policy

The Yokogawa Group expresses its sincerest gratitude to stakeholders for collaboration in mitigating the risk of vulnerabilities, that are weakness to cyberattacks, with a view to ensuring the security of customers’ assets.

Basic Policy

The Yokogawa Group shall work to support ensuring the safety of our customers' assets with the recognition that continuous risk assessment and taking measures to cyber-threats are one of the most important tasks for customers’ asset management.



1. Acceptance of information

The Yokogawa Group accepts information on vulnerabilities of our products from any party. Normally, the Group will contact the reporter regarding acceptance of the vulnerability information within one or two business days. The Group may ask for additional information.
Please report vulnerability information from the following:

Based on the concept of Coordinated Vulnerability Disclosure (CVD)(*3), the Yokogawa Group request to the reporter to report discovered vulnerabilities to the Yokogawa Group or CERT organizations in advance of disclosure.

2. Investigation of vulnerabilities

The Yokogawa Group will investigate products that will be affected by vulnerabilities, The Group will share the results with the reporter. It will rate the level of severity of the vulnerabilities under the Common Vulnerability Scoring System (CVSS)(*4).

3. Preparations for countermeasures

- Remediation: Patch, fix, upgrade and suchlike to either remove or mitigate a vulnerability
- Workaround: Actions and others aimed at reducing impacts of attacks that exploit vulnerabilities

4. Information offering

The Yokogawa Group will provide customers with the Yokogawa Security Advisory Report (YSAR), which includes information on vulnerabilities. Before doing so, it will coordinate the YSAR’s content and the timing of its provision with the reporter and with CERT organizations.
- Content of the YSAR
The YSAR will include the following information.
- Descriptions of vulnerabilities
- vwin官方网站产品及其受漏洞影响的版本
- Level of severity (rated under the CVSS)
- Details of countermeasures
- Information about the reporter (if the reporter agrees)
- 联系查询
- 提供YSAR的方法
The Yokogawa Group will provide the YSAR in the following manners.
- Disclosure on the Yokogawa Group website
- 根据个人产品的维护服务协议提供信息vwin官方网站
- Timing of provision of the YSAR
In principal, the Yokogawa Group will provide the information after it becomes ready to provide the remediation.However, it will consider offering information at the time it becomes ready to provide the workaround in a case where it is necessary to swiftly offer information to customers, such as cases where attacks exploiting the vulnerabilities have been already observed.

(*1) Organizations that accepts and publishes vulnerabilities information and that gives alert, such as JPCERT/CC, CERT/CC and ICS/CERT
Reference: Common Vulnerability Scoring Systemhttps://www.first.org/cvss/

Contact for Inquiries

For inquiries concerning the handling of vulnerabilities, please contact us at the following address.

Revision History

November 20, 2018: Established

Looking for more information on our people, technology and solutions?

Contact Us