Acer is committed to designing products and services that adhere to the highest security standards. In an effort to better protect our customers and their data, we are welcoming any information about potential security vulnerabilities in our products or services from customers, security researchers, academics, and other members of the security community.
This policy and advisory apply to all products, services, and digital assets developed, maintained, or operated by Acer. Third-party products or services not developed or managed by Acer are outside the scope of this policy and advisory.
We are ready to work with those who bring such related vulnerabilities to our attention and will acknowledge all relevant submissions. Acer will only validate reported vulnerabilities that are reproducible on Acer products using the latest version of software available at https://support.acer.com where applicable.
Vulnerabilities should be submitted to vulnerability@acer.com and should include the following items:
- Name of the hardware or software product containing the vulnerability with product serial number or version, if applicable
- A complete description of vulnerability
- The steps required to reproduce the vulnerability, including any relevant logs, screenshots, or proof-of-concept code
You will receive an acknowledgement of receipt of your vulnerability report within 48 hours, an initial status update within seven working days, and a notification when the reported vulnerability is remediated.
Acer may not be able to evaluate submissions that are incomplete or that do not include the information requested above. By submitting a vulnerability, you are agreeing to Acer’s Privacy Policy.
Acer may publish security related Informational Articles to share information about security-related topics such as:
- New security hardening features introduced;
- Product specific security configuration guides and best practices;
- Security vulnerabilities in third-party components, identified by vulnerability scanning tools but which are not exploitable from within the specified product;
- Installation instructions for applying specific security updates;
- Information regarding the effect of security updates in non-Acer product co-requisites and prerequisites which could have an impact on Acer products.
