Security Center

Solidigm values your data’s security with a comprehensive SSD vulnerability handling process. Learn about our mitigation for vulnerabilities and create a case here.

Vulnerabilities

Security Advisory

Solidigm provides public notification of security vulnerabilities by publishing a Public Security Advisory, a document in PDF format posted on Solidigm.com. Each listed security vulnerability is given a CVE-ID (Common Vulnerabilities and Exposures - Identification) and a score based on the CVSS (Common Vulnerability Scoring System)™. Public Security Advisories provide information on the latest firmware (FW) that has mitigated the vulnerability. Solidigm recommends customers always use the latest available firmware.

Solidigm Product Security Center

Solidigm prioritizes the security of the Solidigm SSDs deployed by our customers. We are committed to promptly addressing security vulnerabilities and to following industry-standard best practices in the publication of the Public Security Advisory.

To report a Vulnerability

If you have information about a security vulnerability or issue with a Solidigm product, please send an email to Security@solidigm.com.

If possible, please provide the following information:

  1. Details of the impacted Solidigm product
  2. Description of the issue or vulnerability
  3. Any information regarding known exploitation
  4. Contact information

A member of Solidigm’s Security Team will review the e-mail and may contact you to seek your willingness to collaborate on resolving the issue. Solidigm observes the following Vulnerability Handling Policies and Process:

Solidigm’s Vulnerability Handling Policies

  • Solidigm’s Security Team proactively engages with our customers and industry regarding security vulnerabilities
  • Solidigm follows best known practices to ensure vulnerabilities impacting Solidigm products are documented and communicated in a responsible manner
  • Solidigm is committed to addressing security vulnerabilities in a timely manner, including providing guidance on the impact, severity, and mitigation
  • Vulnerability information is treated in a sensitive manner. Solidigm recommends holding all information in confidence until we can be in contact and respond appropriately.

Solidigm’s Vulnerability Handling Process

Solidigm’s Security Team follows a defined four-step process:

  1. Vulnerability Reporting – This is the start of the process, where Solidigm becomes aware of a potential security vulnerability. Where the potential security vulnerability has been reported by an external party, Solidigm will acknowledge receipt and will include the party in appropriate Security Disclosure information.
  2. Vulnerability Evaluation – The Solidigm Security Team will confirm the reported potential vulnerability, assess the impact and risk, and utilize the Common Vulnerability Scoring System (CVSS). Based on the Solidigm Security review and on whether the vulnerability is actively being exploited, the Solidigm Security Team will follow one of two different paths.
  3. Vulnerability Solution – If the verified vulnerability is being exploited, Solidigm may publish a temporary solution or guidance to mitigate the exploitation while a responsible complete solution is developed. In all other cases, the Security Team will develop a complete solution that mitigates the documented vulnerability.
  4. Vulnerability Disclosure – Solidigm will publish a Security Advisory of the vulnerability in an effective and timely manner. The document will be available to all customers on the Solidigm Security website at www.solidigm.com/support/