ANNOUNCEMENT
Flex delivers advanced power management for next-generation NVIDIA AI infrastructure
Flex companies
Contact us

Flex Automotive Product Security Incident Response Management (PSIRM)

At Flex, we prioritize the security, safety, and reliability of our products above all.

In the unlikely event of a product-related Security issue of a Flex automotive product, we have a well-defined, transparent incident management process to address concerns swiftly, minimize risks, and deliver effective solutions.

The Flex Automotive Product Security Incident Response Team (PSIRT) serves as the primary contact for external security researchers, partners, and customers to report cybersecurity concerns regarding automotive products developed by Flex.

Submitting a Request

If you believe you have discovered a potential security vulnerability in a Flex Automotive product, please reach out to us at: Automotive PSIRT: automotivepsirt@flex.com

When reporting, please provide the following information:

  • Name: If you prefer to remain anonymous, we will respect your privacy.
  • Contact Information: Details on how we can reach you if additional clarification or information is needed.
  • Description: A detailed technical explanation of the vulnerability and its potential impact.
  • Affected Flex Components: Relevant details, such as model, firmware version, product or serial number, or any publicly available information or links related to the issue.

How We Respond to Product Incidents

Immediate Action


Reporter Feedback:
When a vulnerability report is submitted, we generate a tracking number and provide it to the reporter for their reference, ensuring transparency and traceability.


Incident Assessment:
Our dedicated Product Security Incident Management Team conducts an initial assessment of all incident reports within a defined timeframe to prioritize and categorize incidents based on severity and potential impact.


Risk Containment:
We implement immediate safety measures, which may include temporary fixes, product recalls, or other actions necessary to safeguard stakeholders, in accordance with risk assessment protocols.


Clear Communication:
We maintain open, proactive communication channels with customers, partners, and regulatory authorities, providing timely updates on incident status and actions taken. In addition, all response activities and decision are documented through the course of the response in and incident log.

Root Cause Analysis


In-depth Investigation:
Our technical experts use advanced diagnostic tools and methodologies to conduct a thorough investigation aimed at identifying the root cause of the issue.


Data-Driven Methods:
We apply systematic root cause analysis techniques to ensure a comprehensive understanding of the issue.


Collaboration:
We engage in collaborative efforts with automotive OEMs, third-party experts, and relevant stakeholders to ensure a holistic evaluation of the incident and its implications.

Resolution and Prevention


Timely Remediation:
We prioritize the design, implementation, and validation of effective solutions to address identified issues promptly, minimizing disruption and risk to stakeholders.


Preventive Measures:
We conduct a thorough review of internal processes and implement design improvements based on lessons learned to prevent recurrence of similar incidents in the future.


Recall Management:
For affected products, we adhere to a structured recall process that prioritizes customer safety and satisfaction.


Information Sharing:
Being a member of Automotive Information Sharing and Analysis Community (Auto-ISAC), we commit to sharing relevant vulnerability information with the Automotive Community, ensuring that such disclosures are made in full alignment with all affected customers and in compliance with applicable regulations.