Page Overview: How to report vulnerabilities

How to report vulnerabilities

BMW GROUP. SECURITY.

The security of our products and services is top priority for us – so we naturally respect and appreciate the work of security experts in this area. You can also help us by identifying vulnerabilities so we can address them.

If you discover a vulnerability, please contact us.
Always ensure that your message is encrypted.
You can use our PGP key for this purpose and add your public PGP key in return.

 

Notes on how to report vulnerabilities:

  • Please write your correspondence in English or German, if possible.
  • Please provide your name and contact information.
  • So that we can understand your report quickly and efficiently, please include a proof of concept and a detailed description.
  • Please give us time to develop and roll out countermeasures, before you make technical details public (Responsible Disclosure).
  • Common vulnerabilites are excluded.

We will try to respond to your message and provide you with feedback within two to three business days. 

Recognition of security experts.

The BMW Group wishes to thank and acknowledge the security experts who are the first to identify vulnerabilities. Thanks to their support and the countermeasures developed by us, we continue to enhance the security of our products and services.

2019

Aditya Yadamreddy & Sandeep Gumadam
Independent Security Researchers

Ahmed Elsadat
Independent Security Researcher

Alexis Laborier
Independent Security Researcher 

Alfie Njeru
Independent Security Researcher 

Alireza Azimzadeh Milani
Independent Security Researcher

Andi Rrahmani
Independent Security Researcher

Ashiq Mohammed
Independent Security Researcher

Aykut Akar
Independent Security Researcher

Daniel Kalinowski
ISEC.pl Research Team

Kasper Karlsson
Omegapoint

Krystian Powójski
Independent Security Researcher

Michael Kjeldsen
Independent Security Researcher

Miguel Santareno
Independent Security Researcher

Mohammed Adel
Independent Security Researcher

Mohan Balaji
Briskinfosec

Mustafa Can Ipekci
Independent Security Researcher

Pankaj Kumar Thakur
Independent Security Researcher

Romain 'NERVx' Lechevalier
Cybup

Saeel Relekar
Independent Security Researcher

Shakhawat Parvez
SecMiners

Sumit Grover (@sumgr0)
Independent Security Researcher

Syed Abuthahir
Independent Security Researcher

Tinu Tomy
Independent Security Researcher

Umar Ahmed Siddiqui
Independent Security Researcher

Wai Yan Aung
Independent Security Researcher

Wei Xuan Z
Independent Security Researcher

X. Alex Daniel Raj
Independent Security Researcher

2018

KEEN SECURITY LAB
Tencent
CVE-2018-9311; CVE-2018-9312; CVE-2018-9313;
CVE-2018-9314; CVE-2018-9318; CVE-2018-9320;
CVE-2018-9322

SI9INT
Independent Security Researcher

JUSTIN LISTER
Adaptiv Pte Ltd

FLORIAN KUNUSHEVCI
Independent Security Researcher  

2015

DIETER SPAAR
on behalf of the ADAC